MCPcopy Index your code
hub / github.com/coder/coder / validateScheme

Function validateScheme

codersdk/oauth2_validation.go:96–119  ·  view source on GitHub ↗
(u *url.URL)

Source from the content-addressed store, hash-verified

94}
95
96func validateScheme(u *url.URL) error {
97 if u.Scheme == "" {
98 return xerrors.New("redirect URI must have a scheme")
99 }
100
101 // Handle special URNs (RFC 6749 section 3.1.2.1).
102 if u.Scheme == "urn" {
103 if u.String() == "urn:ietf:wg:oauth:2.0:oob" {
104 return nil
105 }
106 return xerrors.New("redirect URI uses unsupported URN scheme")
107 }
108
109 // Block dangerous schemes for security (not allowed by RFCs
110 // for OAuth2).
111 dangerousSchemes := []string{"javascript", "data", "file", "ftp"}
112 for _, dangerous := range dangerousSchemes {
113 if strings.EqualFold(u.Scheme, dangerous) {
114 return xerrors.Errorf("redirect URI uses dangerous scheme %s which is not allowed", dangerous)
115 }
116 }
117
118 return nil
119}
120
121// validateRedirectURIs validates redirect URIs according to RFC 7591, 8252
122func validateRedirectURIs(uris []string, tokenEndpointAuthMethod OAuth2TokenEndpointAuthMethod) error {

Callers 2

validateRedirectURIsFunction · 0.85

Calls 3

NewMethod · 0.65
StringMethod · 0.45
ErrorfMethod · 0.45

Tested by

no test coverage detected