connect2id / OAuth 2.0 SDK with OpenID Connect extensions / issues / #325 - Prohibit insecure redirect_uri and post_logout_redirect_uri URI schemes, such as data, javascript, etc from being registered — Bitbucket

Issue #325 resolved

Yavor Vasilev created an issue 2020-11-13

The case is explained here: https://security.lauritz-holtmann.de/post/sso-security-redirect-uri/

Comments (4)

Yavor Vasilev reporter
- edited description
- 2020-11-13T09:39:34+00:00
Yavor Vasilev reporter
- changed title to Prohibit insecure redirect_uri URI schemes, such as data, javascript, etc from being registered
- 2020-11-13T09:39:53+00:00
Yavor Vasilev reporter
- changed title to Prohibit insecure redirect_uri and post_logout_redirect_uri URI schemes, such as data, javascript, etc from being registered
- 2020-11-13T10:18:36+00:00
Yavor Vasilev reporter
- changed status to resolved
Done: 93408838
- 2020-11-13T10:26:15+00:00
Log in to comment

Assignee: –

Type: bug

Priority: critical

Status: resolved

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!