string.Equals in AccountController will not match *
Opened this issue · 0 comments
O-Mutt commented
AccountController ~line 270
if (!string.Equals(client.AllowedOrigin, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase))
This line does not match origin of * to any origin as string.Equals doe not account for regex.
Maybe something more like
Regex allowOriginRegex = new Regex(client.AllowedOrigin, RegexOptions.IgnoreCase);
if (!string.Equals(client.AllowedOrigin, redirectUri.GetLeftPart(UriPartial.Authority), StringComparison.OrdinalIgnoreCase) || allowOriginRegex.match( redirectUri.GetLeftPart(UriPartial.Authority))