OAuth Client Redirect URL doesn't accept url's containing '_'.

[guilhermenovais]

Support guidelines

• I've read the support guidelines

I've found a bug and checked that ...

• ... the documentation does not mention anything about my problem
• ... there are no open or closed issues that are related to my problem
• ... it's definitely a Firefly III issue, not me

Description

When trying to register an OAuth Client using an URL containing '_', the server responds with 422. There is no error displayed on the screen. The following error is printed to console.

Debug information

Debug information generated at 2024-05-08 14:23:58 for Firefly III version v6.1.15.

System information
Item	Value
Firefly III	6.1.15 / v2.0.14 / 24 (exp. 24)
PHP version	8.3.6 (64bits) / apache2handler / Linux x86_64
BCscale	12
Error reporting	Display: Off, reporting: ALL errors
Max upload	67108864 (64 MB)
Database drivers	*mysql*, pgsql, sqlite,
Docker build	#1074, base #83

Firefly III information
Item	Value
Timezone	America/Sao_Paulo + America/Sao_Paulo
App environment	local, debug: false
Layout	v1
Logging	notice, stack / (empty)
Cache driver	file
Default language and locale	en_US + equal
Trusted proxies	*
Login provider & user guard	eloquent / web
Login headers	N/A + N/A
Stateful domains
Last cron job	never (never)
Mailer	log

User-specific information
Item	Value
User	#1 of 1
User flags
Session start	2024-05-01 00:00:00
Session end	2024-05-31 23:59:59
View range	1M
User language	en_US
User locale	en_US
Locale(s) supported	en_US.utf8: ✅ en_US.UTF-8: ✅
User agent	Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0

Expected behaviour

No response

Steps to reproduce

1. Open the Create Client dialog on OAuth screen;
2. Enter a URL containing the underscore character;
3. Click the Create button.

Additional info

No response

[JC5]

I can't replicate this. It works fine for me, and it works fine on the demo site as well.

Can you see what the 422 contains, exactly?

[guilhermenovais]

Here are the request and the response. I forgot to mention that Firefly is running behind a reverse proxy.

Raw Request

POST /oauth/clients HTTP/2
Host: firefly.test.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0
Accept: application/json, text/plain, /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
X-CSRF-TOKEN: x-csrf-token
X-XSRF-TOKEN: x-xsrf-token
Content-Length: 98
Origin: https://firefly.test.com
DNT: 1
Connection: keep-alive
Cookie: google2fa_token=2fatoken; XSRF-TOKEN=token; laravel_token=laraveltoken
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

{"errors":[],"name":"importer","redirect":"http://firefly_importer.test.com","confidential":false}

Raw Response

HTTP/2 422
server: openresty
date: Wed, 08 May 2024 17:51:35 GMT
content-type: application/json
cache-control: no-cache, private
x-frame-options: deny
content-security-policy: default-src 'none'; object-src 'none'; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-Q6Ops0pwMJSLOV7wgu2iNw=='; style-src 'unsafe-inline' 'self'; base-uri 'self'; font-src 'self' data:; connect-src 'self' ; img-src 'self' data: 'nonce-Q6Ops0pwMJSLOV7wgu2iNw==' ; manifest-src 'self'; form-action 'self'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer
x-permitted-cross-domain-policies: none
x-robots-tag: none
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'self'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
set-cookie: XSRF-TOKEN=token; expires=Wed, 08 May 2024 19:51:35 GMT; Max-Age=7200; path=/; samesite=lax
set-cookie: firefly_session=session; path=/; httponly; samesite=lax
X-Firefox-Spdy: h2

[JC5]

Host names with an underscore in them are not valid as per RFC 1123. So it may work here and there but your mileage may vary.

Try a dash instead of a underscore.

[github-actions]

Hi there! This is an automatic reply. Share and enjoy

This issue is now 🔒 closed. Please be aware that closed issues are not monitored by the developer of Firefly III.

• If the original bug is not actually fixed, please open a new issue. Refer to this issue for clarity.
• Follow-up questions must be posted in a new discussion
• Further replies to this issue may get no response.

If there is more to discuss, please open a new issue or discussion.

Thank you for your contributions.