Skip to content

feat(ILOC): allow custom URL schemas #101197

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat(ILOC): allow custom URL schemas #101197

wants to merge 2 commits into from
+76 −1

Conversation

armcknight
Copy link
Member

Allow for custom redirect URI schemas to allow the mobile app to respond to a non-HTTP redirect for its auth. See https://www.notion.so/sentry/Seer-Mobile-Auth-2628b10e4b5d80e589dcdbb2e03782d5.

@armcknight armcknight requested a review from a team as a code owner October 8, 2025 19:48
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Oct 8, 2025
@codecov Codecov
Copy link

codecov bot commented Oct 8, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 88.23529% with 2 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...rc/sentry/api/endpoints/api_application_details.py 88.23% 2 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##           master   #101197      +/-   ##
===========================================
+ Coverage   81.11%    81.17%   +0.06%     
===========================================
  Files        8595      8624      +29     
  Lines      380872    382792    +1920     
  Branches    23899     23899              
===========================================
+ Hits       308954    310746    +1792     
- Misses      71556     71684     +128     
  Partials      362       362

cursor[bot]
cursor bot reviewed Oct 8, 2025
View reviewed changes
src/sentry/api/endpoints/api_application_details.py
return data

if data == "":
self.fail("invalid")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: URL Field Ignores Blank Allowance

The CustomSchemeURLField unconditionally rejects empty strings, even when allow_blank=True is configured. This bypasses the intended allow_blank behavior, causing validation to fail unexpectedly for empty inputs.

Fix in Cursor Fix in Web

markstory
markstory reviewed Oct 9, 2025
View reviewed changes
src/sentry/api/endpoints/api_application_details.py
Comment on lines +38 to +40
parsed = urlparse(data)
if not parsed.scheme or not parsed.netloc:
self.fail("invalid")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we disallow custom schemes that overlap with known protocols? I'm thinking of things like file://, ftp://, irc://, mailto://, javascript://, odbc:// and s3://?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markstory markstory markstory left review comments

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Scope: Backend Automatically applied to PRs that change backend components
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@armcknight @markstory