@@ -311,7 +311,7 @@ protected function getRequestBody(StreamInterface|array|string $body, RequestInt
311311 /**
312312 * Determine the request target from the given URI (path segment or URL) with respect to $apiURL,
313313 * anything except host and path will be ignored, scheme will always be set to "https".
314- * Throws if the given path is invalid or if the host of a given URL does not match $apiURL.
314+ * Throws if the host of a given URL does not match the host of $apiURL.
315315 *
316316 * @see \chillerlan\OAuth\Core\OAuthInterface::request()
317317 *
@@ -335,12 +335,8 @@ protected function getRequestTarget(string $uri):string{
335335
336336 // for some reason we were given a host name
337337
338- if ($ parsedURLgetScheme () !== 'https ' ){
339- throw new ProviderException (sprintf ('scheme of the URL (%s) must be "https" if host is given ' , $ parsedURL
340- }
341-
342- // we explicitly ignore any existing parameters here
343- $ parsedURL$ parsedURLwithQuery ('' )->withFragment ('' );
338+ // we explicitly ignore any existing parameters here and enforce https
339+ $ parsedURL$ parsedURLwithScheme ('https ' )->withQuery ('' )->withFragment ('' );
344340 $ apiHost$ apigetHost ();
345341
346342 if ($ parsedHost$ apiHost
@@ -362,7 +358,6 @@ protected function getRequestTarget(string $uri):string{
362358 return (string )$ parsedURL
363359 }
364360
365- // back out if it doesn't match
366361 throw new ProviderException (sprintf ('given host (%s) does not match provider (%s) ' , $ parsedHost$ apiHost
367362 }
368363
OAuthProvider::getRequestTarget() enforce https instead of throwing
0 commit comments