API: Fix missing wildcards after login redirect (#4348)

This PR fixes an issue where the `scopes` parameter would see its wildmark characters (*) removed during the login page redirection, after that a call to `/authorize_token` was made while the user was not logged in. Closes issue 4200
2024-02-12 22:30:48 +01:00 · 2024-02-12 22:30:48 +01:00 · c85b908613
parent f32764c840 0917efd9cb
commit c85b908613
1 changed files with 1 additions and 1 deletions
--- a/src/invidious/helpers/utils.cr
+++ b/src/invidious/helpers/utils.cr
@ -262,7 +262,7 @@ def get_referer(env, fallback = "/", unroll = true)
  end

  referer = referer.request_target
-  referer = "/" + referer.gsub(/[^\/?@&%=\-_.:,0-9a-zA-Z]/, "").lstrip("/\\")
+  referer = "/" + referer.gsub(/[^\/?@&%=\-_.:,*0-9a-zA-Z]/, "").lstrip("/\\")

  if referer == env.request.path
    referer = fallback