diff --git a/authorize_helper.go b/authorize_helper.go
index 7d2a10b8..4514a4aa 100644
--- a/authorize_helper.go
+++ b/authorize_helper.go
@@ -180,7 +180,7 @@ func IsRedirectURISecure(ctx context.Context, redirectURI *url.URL) bool {
 // IsRedirectURISecureStrict is stricter than IsRedirectURISecure and it does not allow custom-scheme
 // URLs because they can be hijacked for native apps. Use claimed HTTPS redirects instead.
 // See discussion in https://github.com/ory/fosite/pull/489.
-func IsRedirectURISecureStrict(redirectURI *url.URL) bool {
+func IsRedirectURISecureStrict(ctx context.Context, redirectURI *url.URL) bool {
 return redirectURI.Scheme == "https" || (redirectURI.Scheme == "http" && IsLocalhost(redirectURI))
 }
 
diff --git a/authorize_helper_test.go b/authorize_helper_test.go
index fcb79934..637c6bc6 100644
--- a/authorize_helper_test.go
+++ b/authorize_helper_test.go
@@ -309,7 +309,7 @@ func TestIsRedirectURISecureStrict(t *testing.T) {
 } {
 uu, err := url.Parse(c.u)
 require.NoError(t, err)
-assert.Equal(t, !c.err, fosite.IsRedirectURISecureStrict(uu), "case %d", d)
+assert.Equal(t, !c.err, fosite.IsRedirectURISecureStrict(context.Background(), uu), "case %d", d)
 }
 }
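Review bot: The new `ctx` parameter of `IsRedirectURISecureStrict` in authorize_helper.go is never read in the one-line body, and the doc comment above it does not say why it is there. Because this changes the signature of an exported function (the test hunk shows every caller has to be updated), the comment should record the reason, for example `// ctx is unused; it is accepted so the function has the same signature as IsRedirectURISecure.` That reason is presumed from the hunk header rather than stated in the commit, so confirm it before adding the comment. Separately, this function decides whether a redirect target is acceptable and `redirectURI.Scheme` panics on a nil URL, so a fail-closed guard `if redirectURI == nil { return false }` as the first statement would make the check safe to call on an unparsed or missing redirect URI.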