| author | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-02-07 22:14:06 +0300 | 
|---|---|---|
| committer | Ivan Tashkinov <ivantashkinov@gmail.com> | 2019-02-07 22:14:06 +0300 | 
| commit | 2c68cf7e9ee6718f83f2209e6b009b02b50bc8f4 (patch) | |
| tree | 69d0992f5f10364a993989b6cc16a618b931c6d7 /test/web/twitter_api/representers | |
| parent | d84392c9e05342a70d3a759ac380dcd41f22ed0e (diff) | |
| download | pleroma-2c68cf7e9ee6718f83f2209e6b009b02b50bc8f4.tar.gz pleroma-2c68cf7e9ee6718f83f2209e6b009b02b50bc8f4.zip | |
OAuth2 security fixes: redirect URI validation, "Mastodon-Local" security breach fix.
(`POST /api/v1/apps` could create "Mastodon-Local" app with any redirect_uris,
and if that happened before /web/login is accessed for the first time
then Pleroma used this externally created record with arbitrary
redirect_uris and client_secret known by creator).
Diffstat (limited to 'test/web/twitter_api/representers')
0 files changed, 0 insertions, 0 deletions
