[openstreetmap/openstreetmap-website] Allow localhost on list of redirect URIs for OAuth2 applications (Issue #3613)

Aadesh Baral notifications at github.com
Fri Jul 22 06:53:02 UTC 2022 

### Description

When registering the OAuth2 application, the only non-HTTPS redirect URI allowed is "http://127.0.0.1". When running an application locally, many of them automatically launch on 'localhost'. Because I am limited to using "http://127.0.0.1" as a non-HTTPS redirect URI, this causes a CORS error because my application will be running on localhost and I will be redirected to 127.0.0.1 after OAuth is finished.
As an illustration, while working on Tasking Manager's OAuth2 implementation (https://github.com/hotosm/tasking-manager/pull/5029), which by default begins on localhost, we encountered a CORS error and instructed our developers to restart the application on "127.0.0.1" rather than localhost. Similar problems were faced while upgrading the osm-auth library from OAuth1 to OAuth2.

### Screenshots

![osm_oauth2_form](https://user-images.githubusercontent.com/67958673/180381028-245cbb6e-c686-42e7-b5b7-fb41e53eea9e.png)


-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3613
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/3613 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20220721/7e5072d6/attachment.htm>

More information about the rails-dev mailing list