fix: allow native applications to use https:// on loopback redirect addresses (#9073)

# Which Problems Are Solved - The current validation for native redirect URIs does not allow HTTPS loopback addresses. # How the Problems Are Solved - Enhanced the validation logic to permit HTTPS loopback addresses, ensuring that developers can use these addresses without encountering validation errors. - Updated zitadel/oidc to latest version # Additional Context - Closes #4091 - This pr need to be closed first in our OIDC lib: https://github.com/zitadel/oidc/pull/691 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 14:47:33 +00:00 · 2025-03-21 14:55:16 +01:00
parent e4c12864e5
commit 8b1b9cbb98
3 changed files with 23 additions and 28 deletions
--- a/console/src/app/pipes/redirect-pipe/redirect.pipe.ts
+++ b/console/src/app/pipes/redirect-pipe/redirect.pipe.ts
@@ -11,7 +11,12 @@ export class RedirectPipe implements PipeTransform {
        uri.startsWith('http://localhost:') ||
        uri.startsWith('http://127.0.0.1') ||
        uri.startsWith('http://[::1]') ||
-        uri.startsWith('http://[0:0:0:0:0:0:0:1]')
+        uri.startsWith('http://[0:0:0:0:0:0:0:1]') ||
+        uri.startsWith('https://localhost/') ||
+        uri.startsWith('https://localhost:') ||
+        uri.startsWith('https://127.0.0.1') ||
+        uri.startsWith('https://[::1]') ||
+        uri.startsWith('https://[0:0:0:0:0:0:0:1]')
      ) {
        return true;
      }