fix(core): Exclude oAuth callback urls from browser-id checks (#9158)

n8n-io · Apr 18, 2024 · 58b6a9d · 58b6a9d
1 parent c9d208c
commit 58b6a9d
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/packages/cli/src/auth/auth.service.ts b/packages/cli/src/auth/auth.service.ts
@@ -42,6 +42,10 @@ const skipBrowserIdCheckEndpoints = [
 
 	// We need to exclude binary-data downloading endpoint because we can't send custom headers on `<embed>` tags
 	`/${restEndpoint}/binary-data`,
+
+	// oAuth callback urls aren't called by the frontend. therefore we can't send custom header on these requests
+	`/${restEndpoint}/oauth1-credential/callback`,
+	`/${restEndpoint}/oauth2-credential/callback`,
 ];
 
 @Service()