providers/oauth2: Set CORS Headers for token endpoint, check Origin header against redirect URLs

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-18 14:20:50 +02:00
parent 52abd959eb
commit f328b21e89
7 changed files with 170 additions and 118 deletions
--- a/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts
+++ b/web/src/pages/providers/oauth2/OAuth2ProviderForm.ts
@ -113,9 +113,12 @@ export class OAuth2ProviderFormPage extends Form<OAuth2Provider> {
                        <input type="text" value="${first(this.provider?.clientSecret, randomString(128))}" class="pf-c-form-control">
                    </ak-form-element-horizontal>
                    <ak-form-element-horizontal
-                        label=${t`Redirect URIs`}
+                        label=${t`Redirect URIs/Origins`}
                        name="redirectUris">
                        <textarea class="pf-c-form-control">${this.provider?.redirectUris}</textarea>
+                        <p class="pf-c-form__helper-text">
+                            ${t`Valid redirect URLs after a successful authorization flow. Also specify any origins here for CORS Headers.`}
+                        </p>
                    </ak-form-element-horizontal>
                </div>
            </ak-form-group>