mirrors/pinafore
mirrors
/
pinafore
mirror of https://github.com/nolanlawson/pinafore.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: OAuth2: use correct `Content-Type` as specified in RFC (#2343) 

Co-authored-by: Nolan Lawson <nolan@nolanlawson.com>
This commit is contained in:
vitalyster 2023-01-09 09:31:00 +03:00 committed by GitHub
parent c2851ce104
commit c426b7fe31
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/routes/_api/oauth.js
View File

@ -27,11 +27,13 @@ export function generateAuthLink (instanceName, clientId, redirectUri) {
export function getAccessTokenFromAuthCode (instanceName, clientId, clientSecret, code, redirectUri) {
const url = `${basename(instanceName)}/oauth/token`
return post(url, {
// Using URLSearchParams here guarantees a content type of application/x-www-form-urlencoded
// See https://fetch.spec.whatwg.org/#bodyinit-unions
return post(url, new URLSearchParams({
client_id: clientId,
client_secret: clientSecret,
redirect_uri: redirectUri,
grant_type: 'authorization_code',
code
}, null, { timeout: WRITE_TIMEOUT })
}), null, { timeout: WRITE_TIMEOUT })
}

2
src/routes/_utils/ajax.js
View File

@ -51,7 +51,7 @@ async function _fetch (url, fetchOptions, options) {
async function _putOrPostOrPatch (method, url, body, headers, options) {
const fetchOptions = makeFetchOptions(method, headers, options)
if (body) {
if (body instanceof FormData) {
if (body instanceof FormData || body instanceof URLSearchParams) {
fetchOptions.body = body
} else {
fetchOptions.body = JSON.stringify(body)