API: Fix missing wildcards after login redirect (#4348)

This PR fixes an issue where the `scopes` parameter would see its wildmark
characters (*) removed during the login page redirection, after that a call
to `/authorize_token` was made while the user was not logged in.

Closes issue 4200
This commit is contained in:
Samantaz Fox 2024-02-12 22:30:48 +01:00
commit c85b908613
No known key found for this signature in database
GPG Key ID: F42821059186176E

View File

@ -262,7 +262,7 @@ def get_referer(env, fallback = "/", unroll = true)
end
referer = referer.request_target
referer = "/" + referer.gsub(/[^\/?@&%=\-_.:,0-9a-zA-Z]/, "").lstrip("/\\")
referer = "/" + referer.gsub(/[^\/?@&%=\-_.:,*0-9a-zA-Z]/, "").lstrip("/\\")
if referer == env.request.path
referer = fallback