string.Equals in AccountController will not match *

Question

string.Equals in AccountController will not match *

Opened this issue 9 years ago · 0 comments

AccountController ~line 270

 if (!string.Equals(client.AllowedOrigin, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase))

This line does not match origin of * to any origin as string.Equals doe not account for regex.

Maybe something more like

Regex allowOriginRegex = new Regex(client.AllowedOrigin, RegexOptions.IgnoreCase);
if (!string.Equals(client.AllowedOrigin, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase) || allowOriginRegex.match( redirectUri.GetLeftPart(UriPartial.Authority))