Skip to content

Commit

Permalink
fix(server): Remove XSS vulnerability. Fixes #3942 (#3975)
Browse files Browse the repository at this point in the history
  • Loading branch information
alexec committed Sep 10, 2020
1 parent 1215d9e commit 089e186
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion server/auth/sso/sso.go
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
}
if state != cookie.Value {
w.WriteHeader(401)
_, _ = w.Write([]byte(fmt.Sprintf("invalid state: %s", state)))
_, _ = w.Write([]byte("invalid state: does not match cookie value"))
return
}
oauth2Token, err := s.config.Exchange(ctx, r.URL.Query().Get("code"))
Expand Down

0 comments on commit 089e186

Please sign in to comment.