From c426b7fe318da9327576994d9d3a0a66b69942d4 Mon Sep 17 00:00:00 2001
From: vitalyster
Date: Mon, 9 Jan 2023 09:31:00 +0300
Subject: [PATCH] fix: OAuth2: use correct `Content-Type` as specified in RFC (#2343)
Co-authored-by: Nolan Lawson
---
 src/routes/_api/oauth.js | 6 ++++--
 src/routes/_utils/ajax.js | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/routes/_api/oauth.js b/src/routes/_api/oauth.js
index 57824eec..c3e13c03 100644
--- a/src/routes/_api/oauth.js
+++ b/src/routes/_api/oauth.js
@@ -27,11 +27,13 @@ export function generateAuthLink (instanceName, clientId, redirectUri) {
 export function getAccessTokenFromAuthCode (instanceName, clientId, clientSecret, code, redirectUri) {
 const url = `${basename(instanceName)}/oauth/token`
- return post(url, {
+ // Using URLSearchParams here guarantees a content type of application/x-www-form-urlencoded
+ // See https://fetch.spec.whatwg.org/#bodyinit-unions
+ return post(url, new URLSearchParams({
 client_id: clientId,
 client_secret: clientSecret,
 redirect_uri: redirectUri,
 grant_type: 'authorization_code',
 code
- }, null, { timeout: WRITE_TIMEOUT })
+ }), null, { timeout: WRITE_TIMEOUT })
 }
diff --git a/src/routes/_utils/ajax.js b/src/routes/_utils/ajax.js
index 6ecf171a..e47dc2c2 100644
--- a/src/routes/_utils/ajax.js
+++ b/src/routes/_utils/ajax.js
@@ -51,7 +51,7 @@ async function _fetch (url, fetchOptions, options) {
 async function _putOrPostOrPatch (method, url, body, headers, options) {
 const fetchOptions = makeFetchOptions(method, headers, options)
 if (body) {
- if (body instanceof FormData) {
+ if (body instanceof FormData || body instanceof URLSearchParams) {
 fetchOptions.body = body
 } else {
 fetchOptions.body = JSON.stringify(body)
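Review bot: In getAccessTokenFromAuthCode, `new URLSearchParams({...})` converts every value to a string, so an undefined `code`, `clientSecret` or `redirectUri` is now sent as the literal text `undefined`, whereas the previous plain object went through `JSON.stringify`, which omits undefined properties. Whether callers can pass an undefined value is not visible in this hunk, but for a token request carrying the client secret and authorization code it is safer to fail before the request is sent, e.g. `if (!clientId || !clientSecret || !code) throw new Error('missing OAuth token parameter')`. The added comment could also name the RFC the commit title refers to (RFC 6749, section 4.1.3) next to the Fetch link.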
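Review bot: The URLSearchParams branch in _putOrPostOrPatch only yields `application/x-www-form-urlencoded` when no `Content-Type` header is already present, because fetch adds the body-derived type only if the request has none; a `Content-Type` coming from `headers` or `makeFetchOptions` would be sent unchanged with a form-encoded body. Neither is visible here and the function body continues outside the hunk, so this is worth confirming. A comment on the condition would record the assumption: `// FormData/URLSearchParams pass through unserialized; fetch derives Content-Type from the body, so none must be set in headers`.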