check oauth2 authorization code redirect for exact 'code' query parameter (#1777)

Co-authored-by: Stefan Grüttner <stefan.gruettner@deutschebahn.com>
2026-06-24 05:05:39 +00:00 · 2024-03-22 14:13:12 +01:00
parent e278116356
commit 753ca4341f
1 changed files with 1 additions and 1 deletions
--- a/packages/bruno-electron/src/ipc/network/authorize-user-in-window.js
+++ b/packages/bruno-electron/src/ipc/network/authorize-user-in-window.js
@@ -24,7 +24,7 @@ const authorizeUserInWindow = ({ authorizeUrl, callbackUrl, session }) => {

    function onWindowRedirect(url) {
      // check if the url contains an authorization code
-      if (url.match(/(code=).*/)) {
+      if (new URL(url).searchParams.has('code')) {
        finalUrl = url;
        if (!url || !finalUrl.includes(callbackUrl)) {
          reject(new Error('Invalid Callback Url'));