From e230dfdb2d19498e6c1b71c88157ed1e458aae66 Mon Sep 17 00:00:00 2001
From: Liang Ding
Date: Fri, 17 May 2019 14:09:19 +0800
Subject: [PATCH] =?UTF-8?q?:art:=20=E7=99=BB=E5=BD=95=E8=B7=B3=E8=BD=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 session/oauthctl.go | 8 +++-----
 views/login.html | 3 +--
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/session/oauthctl.go b/session/oauthctl.go
index 684c5b6..11abb53 100644
--- a/session/oauthctl.go
+++ b/session/oauthctl.go
@@ -55,11 +55,9 @@ func RedirectGitHubHandler(w http.ResponseWriter, r *http.Request) {
 clientId := data["clientId"].(string)
 loginAuthURL := data["loginAuthURL"].(string)
- referer := r.URL.Query().Get("referer")
- if "" == referer || !strings.Contains(referer, "://") {
- referer = conf.Wide.Server + referer
- }
- state := util.Rand.String(16) + referer
+ state := r.URL.Query().Get("state")
+ referer := conf.Wide.Server + "__" + state
+ state = util.Rand.String(16) + referer
 states[state] = state
 path := loginAuthURL + "?client_id=" + clientId + "&state=" + state + "&scope=public_repo,read:user,user:follow"
 http.Redirect(w, r, path, http.StatusSeeOther)
diff --git a/views/login.html b/views/login.html
index fc6b2af..9424d01 100644
--- a/views/login.html
+++ b/views/login.html
@@ -55,8 +55,7 @@
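Review bot: In the session/oauthctl.go hunk, the `state` query parameter is client-controlled and is concatenated into `path` without escaping, so a value containing `&`, `#` or `%` can add or override parameters of the authorization request (the removed `referer` handling had the same gap). Escape it where the URL is built, `"&state=" + url.QueryEscape(state)`, which needs `net/url` in the import block that is not visible here; the `states` key should stay the unescaped value, since that is presumably what the callback compares against. The same value also becomes a key in the `states` map on every unauthenticated request, so its length should be capped before the concatenation, and if `states` is a plain map written without a lock (its declaration is outside the hunk) concurrent requests can race on it. RedirectGitHubHandler begins above the hunk, so any validation done earlier is not visible.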