Perform more complex checking of callback URLs

Authored by bd808 on Jun 14 2017, 12:45 AM.

Description

Perform more complex checking of callback URLs

Protocol of the callback URL is allowed to be upgraded from http to
https, but not downgraded from https to http.

Rather than a simple prefix match, ensure that the callback strictly
matches the host of the known prefix. This prevents a theoretical
hijacking attack against registered callbacks which do not include
a path component at all (e.g. "https://example.com").

Another possible hijacking vector of adding a port when the registered
callback specifies neither a port nor a path is also disallowed. There
is one known use of this former behavior in the MediaWiki-Vagrant
OAuthAuthentication testing role that will be broken by this stricter
validation.

Change-Id: I96407eade800965603c5c281be0636c9da50ea1c
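
The difference between the prefix match and the stricter comparison described in the commit message, as an added Python example (not code from this commit or from the OAuth extension). The function names, the sample URLs, the exact-port rule and the path-prefix rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def prefix_match(registered, callback):
    """The simple check being replaced: plain string prefix comparison."""
    return callback.startswith(registered)


def strict_match(registered, callback):
    """Component-wise comparison (illustrative reading of the commit message)."""
    try:
        reg, cb = urlsplit(registered), urlsplit(callback)
        reg_port, cb_port = reg.port, cb.port  # raises ValueError on a bad port
    except ValueError:
        return False
    # Scheme: identical, or upgraded from http to https; never downgraded.
    if cb.scheme != reg.scheme and (reg.scheme, cb.scheme) != ("http", "https"):
        return False
    # Host: must match exactly (urlsplit lower-cases .hostname).
    if not cb.hostname or cb.hostname != reg.hostname:
        return False
    # Port: assumption for this sketch, the callback may not add or change one.
    if cb_port != reg_port:
        return False
    # Path: the registered path is still treated as a prefix (assumption).
    return cb.path.startswith(reg.path)


# Constructed sample pairs: (registered callback, callback presented at runtime).
CASES = [
    ("https://example.com", "https://example.com/oauth/done"),
    ("https://example.com", "https://example.com.other.test/oauth/done"),
    ("https://example.com", "https://example.com:8443/oauth/done"),
    ("http://example.com/cb", "https://example.com/cb?x=1"),
    ("https://example.com/cb", "http://example.com/cb"),
]


def compare():
    """Return (prefix_match, strict_match) results for every sample pair."""
    return [(prefix_match(r, c), strict_match(r, c)) for r, c in CASES]


if __name__ == "__main__":
    for (reg, cb), (loose, strict) in zip(CASES, compare()):
        print(f"{reg!r:28} {cb!r:46} prefix={loose!s:5} strict={strict}")
```

The second and third pairs are the two cases the commit message calls out: a registered callback with no path lets a different host or an added port pass a prefix match, while the component-wise check rejects both.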

Details

Committed
bd808, Jun 19 2017, 2:23 AM
Parents
rEOAU772f61dcd7de: Use short array syntax
References
refs/changes/97/358897/5
ChangeId
I96407eade800965603c5c281be0636c9da50ea1c