Commit 2f31ced

set redirect URI matching to strict by default
1 parent 7e6864f commit 2f31ced

2 files changed

+3
-1
lines changed

CHANGELOG.md

Lines changed: 2 additions & 0 deletions
@@ -1,5 +1,7 @@
11
Unreleased:
22
- Added changelog
3+
- Set default redirect URI resolver strict matching to true
4+
- Fixed XSS vulnerability on redirect URI display on approval page
35

46
*1.3.1*:
57
- Added End Session endpoint
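
Review bot: the added entry "Fixed XSS vulnerability on redirect URI display on approval page" (new line 4) describes a fix that is not in this commit, which touches only CHANGELOG.md and BlacklistAwareRedirectResolver.java. Either move that line to the commit that changes the approval page or reference that commit here, so the changelog entry can be traced to its code. Separately, the "Set default redirect URI resolver strict matching to true" entry (new line 3) should say that this changes behaviour for existing deployments that relied on the previous default of false, and point to how the old behaviour can be restored if that is supported.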

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java

Lines changed: 1 addition & 1 deletion
@@ -47,7 +47,7 @@ public class BlacklistAwareRedirectResolver extends DefaultRedirectResolver {
4747
@Autowired
4848
private ConfigurationPropertiesBean config;
4949

50-
private boolean strictMatch = false;
50+
private boolean strictMatch = true;
5151

5252
/* (non-Javadoc)
5353
* @see org.springframework.security.oauth2.provider.endpoint.RedirectResolver#resolveRedirect(java.lang.String, org.springframework.security.oauth2.provider.ClientDetails)
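
Review bot: the `strictMatch` field at line 50 changes its default from false to true without any comment on the field and without a test in this commit (the two changed files are the changelog and this class). Since the default now decides which redirect URIs are accepted for every client that does not override it, add a short Javadoc on the field stating what strict matching compares and why true is the safe default, and add a test that asserts a redirect URI differing from the registered one is rejected when the resolver is used with its defaults. The hunk does not show whether the value can be set from configuration; if it can, name that property in the comment so operators who need the old behaviour know where to change it.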
