Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(sendRedirect): always encode location uri
Showing 1 changed file with 5 additions and 4 deletions.
01476ac
This just destroyed our OAuth Flow. Why was this even introduced, I can't find a corresponding issue? This seems like a non-fix.
@MurmeltierS It was from a security report not published yet. Sorry for the inconvenience. Can you please explain why this broke your flow with encoding? Would be happy to make a hotfix asap.
@MurmeltierS When using this to forward to an OAuth URL, query parameters get double-URI-encoded. This will most definitely break things on the other end.
e.g.:
https://foobar.myshopify.com/admin/oauth/authorize?client_id=6a63bcef27a43f48e07c239bc9741cd8&scope=write_products%252Cwrite_files&redirect_uri=https%253A%252F%252Fpictofit-shopify-app.vercel.app%252Fauth%252Fcallback-login&state=848902450404611&grant_options%255B%255D=per-user
instead of the correct URL:
https://foobar.myshopify.com/admin/oauth/authorize?client_id=6a63bcef27a43f48e07c239bc9741cd8&scope=write_products%2Cwrite_files&redirect_uri=https%3A%2F%2Fpictofit-shopify-app.vercel.app%2Fauth%2Fcallback-login&state=848902450404611&grant_options%5B%5D=per-user
Fix on the way!
Should be fixed in latest. Please try updating lockfile. (04b432c)
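The double encoding reported in this thread can be reproduced with `encodeURI`, which is assumed here as the encoding step because the commit's diff is not shown on this page. The following is an added example, not the project's code or its fix; `encodeOnce` and `looksDoubleEncoded` are hypothetical helper names and the sample URL is constructed.

```javascript
// Added example: why blanket-encoding a redirect target breaks URLs that are
// already percent-encoded, and an encode-once alternative.
// Assumption: the encoding step behaves like encodeURI().

// Constructed sample: an OAuth authorize URL whose query is already encoded.
const alreadyEncoded =
  "https://idp.example/oauth/authorize?scope=read%2Cwrite" +
  "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&opts%5B%5D=per-user";

// Hypothetical helper: encode only what still needs encoding. Valid %XX
// escapes are kept as-is; every other character goes through encodeURI(),
// so spaces, control characters and non-ASCII are still escaped.
// Limitation: a caller who means a literal "%2C" must escape the "%" first,
// because the helper cannot tell it apart from an existing escape.
function encodeOnce(location) {
  return location
    .split(/(%[0-9A-Fa-f]{2})/) // odd indexes hold the captured %XX escapes
    .map((part, i) => (i % 2 === 1 ? part : encodeURI(part)))
    .join("");
}

// Hypothetical heuristic for logs or tests: "%25" followed by two hex digits
// is the signature of an escape that was encoded a second time.
function looksDoubleEncoded(location) {
  return /%25[0-9A-Fa-f]{2}/.test(location);
}

function demo() {
  return {
    blanket: encodeURI(alreadyEncoded), // "%2C" becomes "%252C"
    once: encodeOnce(alreadyEncoded), // existing escapes survive untouched
    raw: encodeOnce("/search?q=a b&tag=100%"), // raw characters still encoded
  };
}

console.log(demo());
```

Because `encodeOnce` is idempotent, applying it again at a later layer does not change the result, which is the property the blanket encoding lacked.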