From 753ca4341fd9898647a40f9e76405198eae9807f Mon Sep 17 00:00:00 2001
From: Stefan <7240279+layereight@users.noreply.github.com>
Date: Fri, 22 Mar 2024 14:13:12 +0100
Subject: [PATCH] check oauth2 authorization code redirect for exact 'code' query parameter (#1777)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Stefan Grüttner
---
 .../bruno-electron/src/ipc/network/authorize-user-in-window.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/bruno-electron/src/ipc/network/authorize-user-in-window.js b/packages/bruno-electron/src/ipc/network/authorize-user-in-window.js
index d604d2df7..0318271b9 100644
--- a/packages/bruno-electron/src/ipc/network/authorize-user-in-window.js
+++ b/packages/bruno-electron/src/ipc/network/authorize-user-in-window.js
@@ -24,7 +24,7 @@ const authorizeUserInWindow = ({ authorizeUrl, callbackUrl, session }) => {
 function onWindowRedirect(url) {
 // check if the url contains an authorization code
- if (url.match(/(code=).*/)) {
+ if (new URL(url).searchParams.has('code')) {
 finalUrl = url;
 if (!url || !finalUrl.includes(callbackUrl)) {
 reject(new Error('Invalid Callback Url'));
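Review bot: `new URL(url)` on the added line throws a TypeError when `url` is empty or not an absolute URL, and it now runs before the `!url` guard two lines below, so that guard can no longer produce the 'Invalid Callback Url' rejection. If onWindowRedirect is invoked from navigation event handlers (not visible in this hunk), the throw would likely leave the promise unsettled rather than rejected; wrapping the parse, e.g. `let params; try { params = new URL(url).searchParams; } catch { params = null; }` followed by `if (params?.has('code')) {`, keeps the failure path explicit. The unchanged callback test `finalUrl.includes(callbackUrl)` is still a substring match, so a URL that carries a `code` parameter and merely embeds the callback URL elsewhere (for example in another query value) is accepted. Comparing the parsed origin and path against those of `callbackUrl` would bind the code to the registered redirect URI. onWindowRedirect's body continues outside the hunk.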