External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
keycloak/docs/documentation/release_notes/topics/21_1_2.adoc
Ricardo Martin 1973d0f0d4 Check the redirect URI is http(s) when used for a form Post (#22) 
Closes https://github.com/keycloak/security/issues/22

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-06-28 17:52:48 -03:00

4 lines
392 B
Plaintext
Raw Blame History

= Changes in validating schemes for valid redirect URIs
If an application client is using non http(s) custom schemes, from now on the validation requires that a valid redirect pattern explicitly allows that scheme. Example patterns for allowing `custom` scheme are `custom:/test`, `custom:/test/\*` or `custom:*`. For security reasons a general pattern like `*` does not cover them anymore.
Reference in New Issue View Git Blame Copy Permalink