Fix confirmation redirect to app without Location
header
This commit is contained in:
parent
d6df33da2e
commit
363a763a09
3 changed files with 12 additions and 1 deletions
|
@ -40,7 +40,7 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
|
|||
|
||||
def after_confirmation_path_for(_resource_name, user)
|
||||
if user.created_by_application && truthy_param?(:redirect_to_app)
|
||||
user.created_by_application.redirect_uri
|
||||
user.created_by_application.confirmation_redirect_uri
|
||||
else
|
||||
super
|
||||
end
|
||||
|
|
|
@ -8,4 +8,8 @@ module ApplicationExtension
|
|||
validates :website, url: true, length: { maximum: 2_000 }, if: :website?
|
||||
validates :redirect_uri, length: { maximum: 2_000 }
|
||||
end
|
||||
|
||||
def confirmation_redirect_uri
|
||||
redirect_uri.lines.first.strip
|
||||
end
|
||||
end
|
||||
|
|
|
@ -130,6 +130,13 @@ Doorkeeper.configure do
|
|||
#
|
||||
force_ssl_in_redirect_uri false
|
||||
|
||||
# Specify what redirect URI's you want to block during Application creation.
|
||||
# Any redirect URI is whitelisted by default.
|
||||
#
|
||||
# You can use this option in order to forbid URI's with 'javascript' scheme
|
||||
# for example.
|
||||
forbid_redirect_uri { |uri| %w[data vbscript javascript].include?(uri.scheme.to_s.downcase) }
|
||||
|
||||
# Specify what grant flows are enabled in array of Strings. The valid
|
||||
# strings and the flows they enable are:
|
||||
#
|
||||
|
|
Loading…
Reference in a new issue