[openstreetmap/openstreetmap-website] Allow localhost on list of redirect URIs for OAuth2 applications (Issue #3613)
Aadesh Baral
notifications at github.com
Fri Jul 22 06:53:02 UTC 2022
### Description
When registering the OAuth2 application, the only non-HTTPS redirect URI allowed is "http://127.0.0.1". When running an application locally, many of them automatically launch on 'localhost'. Because I am limited to using "http://127.0.0.1" as a non-HTTPS redirect URI, this causes a CORS error because my application will be running on localhost and I will be redirected to 127.0.0.1 after OAuth is finished.
As an illustration, while working on Tasking Manager's OAuth2 implementation (https://github.com/hotosm/tasking-manager/pull/5029), which by default begins on localhost, we encountered a CORS error and instructed our developers to restart the application on "127.0.0.1" rather than localhost. Similar problems were faced while upgrading the osm-auth library from OAuth1 to OAuth2.
### Screenshots

--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3613
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/3613 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20220721/7e5072d6/attachment.htm>
More information about the rails-dev
mailing list