this repo has no description
note on auth endpoint SSRF
+2
-1
+2
-1
atproto/auth/oauth/oauth.go
+2
-1
atproto/auth/oauth/oauth.go
···
562
562
params.Set("client_id", app.Config.ClientID)
563
563
params.Set("request_uri", info.RequestURI)
564
564
565
-
// NOTE: AuthorizationEndpoint was already checked to be a clean URL
565
+
// AuthorizationEndpoint was already checked to be a clean URL
566
+
// TODO: could do additional SSRF checks on the redirect domain here
566
567
redirectURL := fmt.Sprintf("%s?%s", authserverMeta.AuthorizationEndpoint, params.Encode())
567
568
return redirectURL, nil
568
569
}