From a555caab255cd62f7ae6f6d1a00a9122d5af858b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Wed, 17 Apr 2024 18:28:58 +0200
Subject: [PATCH] fix(core): Exclude oAuth callback urls from browser-id checks fixes #9151
---
 packages/cli/src/auth/auth.service.ts | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/packages/cli/src/auth/auth.service.ts b/packages/cli/src/auth/auth.service.ts
index f8e332cbfe781..994e699c0386a 100644
--- a/packages/cli/src/auth/auth.service.ts
+++ b/packages/cli/src/auth/auth.service.ts
@@ -42,6 +42,10 @@ const skipBrowserIdCheckEndpoints = [
 // We need to exclude binary-data downloading endpoint because we can't send custom headers on `` tags
 `/${restEndpoint}/binary-data`,
+
+ // oAuth callback urls aren't called by the frontend. therefore we can't send custom header on these requests
+ `/${restEndpoint}/oauth1-credential/callback`,
+ `/${restEndpoint}/oauth2-credential/callback`,
 ];
 @Service()
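Review bot: The two entries added to `skipBrowserIdCheckEndpoints` mean a request to the OAuth1/OAuth2 callback paths is accepted on the auth cookie alone, without the browser-id binding, and the new comment does not say what protects those requests instead. How the list is matched is outside this hunk; if it is compared by prefix or substring rather than by exact path, anything under `/oauth1-credential/callback` or `/oauth2-credential/callback` would be exempt as well, so an exact-match comparison is worth confirming. I would extend the comment to something like `// OAuth callback URLs are reached via a redirect from the provider, not by the frontend, so no browser-id header can be sent; these requests rely on the cookie plus the callback's own state validation`, assuming the callback handlers do validate `state`. The diffstat shows only this file changed, so a test pinning that exactly these two paths skip the check, and that neighbouring credential routes do not, would be a useful follow-up.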