local allowed
parent
47fc3da583
commit
f73575728f
1 changed files with 14 additions and 1 deletions
|
@ -3,6 +3,7 @@ package op
|
|||
import (
|
||||
"errors"
|
||||
"net/url"
|
||||
"os"
|
||||
"strings"
|
||||
)
|
||||
|
||||
|
@ -30,7 +31,7 @@ func ValidateIssuer(issuer string) error {
|
|||
return errors.New("host for issuer missing")
|
||||
}
|
||||
if u.Scheme != "https" {
|
||||
if !(u.Scheme == "http" && (u.Host == "localhost" || u.Host == "127.0.0.1" || u.Host == "::1" || strings.HasPrefix(u.Host, "localhost:"))) { //TODO: ?
|
||||
if devLocalAllowed(u) {
|
||||
return errors.New("scheme for issuer must be `https`")
|
||||
}
|
||||
}
|
||||
|
@ -39,3 +40,15 @@ func ValidateIssuer(issuer string) error {
|
|||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func devLocalAllowed(url *url.URL) bool {
|
||||
_, b := os.LookupEnv("CAOS_OIDC_DEV")
|
||||
if !b {
|
||||
return b
|
||||
}
|
||||
return url.Scheme == "http" &&
|
||||
url.Host == "localhost" ||
|
||||
url.Host == "127.0.0.1" ||
|
||||
url.Host == "::1" ||
|
||||
strings.HasPrefix(url.Host, "localhost:")
|
||||
}
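Review bot: Assuming `if devLocalAllowed(u) {` is the added line in ValidateIssuer, the guard is inverted: with `CAOS_OIDC_DEV` unset the helper returns false, so every non-https issuer passes validation, while a dev-mode loopback issuer is rejected; it should read `if !devLocalAllowed(u) {`. Inside `devLocalAllowed`, `&&` binds tighter than `||`, so the `http` requirement covers only the bare `localhost` comparison and the other host alternatives are accepted with any scheme. `url.Host` includes the port and, for IPv6, the brackets, so the `"::1"` comparison likely never matches; `os.LookupEnv` reports presence only, so `CAOS_OIDC_DEV=false` still enables the exception, which deserves a comment. The sketch below compares `u.Hostname()` instead, which also admits `127.0.0.1` and `[::1]` with a port, and renames the parameter so it no longer shadows the `url` package; ValidateIssuer's body starts outside the hunk.

```go
	if u.Scheme != "https" {
		if !devLocalAllowed(u) {
			return errors.New("scheme for issuer must be `https`")
		}
	}
	// … unchanged: remainder of ValidateIssuer …

// devLocalAllowed reports whether a plain-http loopback issuer is acceptable.
// The exception is active whenever CAOS_OIDC_DEV is present in the
// environment, whatever its value; it must not be set in production.
func devLocalAllowed(u *url.URL) bool {
	if _, ok := os.LookupEnv("CAOS_OIDC_DEV"); !ok {
		return false
	}
	if u.Scheme != "http" {
		return false
	}
	switch u.Hostname() { // host without port or IPv6 brackets
	case "localhost", "127.0.0.1", "::1":
		return true
	}
	return false
}
```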
|
||||
|
|