diff --git a/session/oauthctl.go b/session/oauthctl.go
index 684c5b6..11abb53 100644
--- a/session/oauthctl.go
+++ b/session/oauthctl.go
@@ -55,11 +55,9 @@ func RedirectGitHubHandler(w http.ResponseWriter, r *http.Request) {
 clientId := data["clientId"].(string)
 loginAuthURL := data["loginAuthURL"].(string)
- referer := r.URL.Query().Get("referer")
- if "" == referer || !strings.Contains(referer, "://") {
- referer = conf.Wide.Server + referer
- }
- state := util.Rand.String(16) + referer
+ state := r.URL.Query().Get("state")
+ referer := conf.Wide.Server + "__" + state
+ state = util.Rand.String(16) + referer
 states[state] = state
 path := loginAuthURL + "?client_id=" + clientId + "&state=" + state + "&scope=public_repo,read:user,user:follow"
 http.Redirect(w, r, path, http.StatusSeeOther)
diff --git a/views/login.html b/views/login.html
index fc6b2af..9424d01 100644
--- a/views/login.html
+++ b/views/login.html
@@ -55,8 +55,7 @@
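Review bot: The client-supplied `state` query parameter reaches the GitHub authorization URL unescaped: the added lines fold it into `state`, and the `path := loginAuthURL + ...` line concatenates that after `"&state="`, so a value containing `&` or `#` can append or override parameters such as `scope`. Escape it where the URL is built, `"&state=" + url.QueryEscape(state)` (needs `net/url`), and keep the raw string as the key in `states` so the callback comparison still matches. The value is also stored by `states[state] = state` with no length limit, so validating or capping the incoming `state` first would bound what an unauthenticated request can insert. `states` is declared outside the hunk, so whether it tolerates concurrent handler writes should be confirmed there; the body of `RedirectGitHubHandler` also starts and ends outside the hunk.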