Commit 2c68cf7e authored by Ivan Tashkinov

OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.

(`POST /api/v1/apps` could create "Mastodon-Local" app with any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
parent d84392c9