wechat_oauth2
Chen-George-Zhen opened this issue
Unsafe redirect "https://open.weixin.qq.com/connect/oauth2/authorize?..."
source "redirect_to generate_oauth2_url(oauth2_params)"
redirect_to method
Kindly provide more information to check.
I get this exception: "Unsafe redirect "https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx89b14e8f3cd5b096&redirect_uri=http%3A%2F%2Fde.client.com.au%2Fwechat_test&response_type=code&scope=snsapi_base&state=d9d8ad7ec7a066297b7eb5f99add4049#wechat_redirect", use :fallback_location to specify a fallback or :allow_other_host to redirect anyway.):" when using "wechat_oauth2". Maybe in the code "redirect_to generate_oauth2_url(oauth2_params)", redirect_to should add :allow_other_host.
de.client.com.au is not in the safe whitelist in the Tencent WeChat backend; please make sure to fill it in on the dashboard. It's not a bug in this gem.
I mean "redirect_to generate_oauth2_url(oauth2_params), allow_other_host: true" to replace "redirect_to generate_oauth2_url(oauth2_params)".
allow_other_host seems to have been introduced in Rails 5.2 and to be valid only for redirect_back, so using redirect_to generate_oauth2_url(oauth2_params), allow_other_host: true is wrong here IMHO.
Thanks. I used Rails 6; this exception occurred when using "redirect_to other domain".
Could you add me on WeChat? Haha, I'm in Shanghai too. About the problem above, I probably didn't describe it clearly; I thought you were a foreigner! Actually, I'm using Rails 6, and when calling the wechat_oauth2 method, redirect_to raised an exception saying that the allow_other_host: true option needs to be added. I forked a version, added it, and the problem went away!
I also have projects running on Rails 6 and don't see this happening.
Oh, I hit it when execution reached this point:
https://github.com/Eric-Guo/wechat/blob/5de4131c525dac222a2a63c75ad3f534eb8d19fa/lib/wechat/controller_api.rb
```ruby
def wechat_public_oauth2(oauth2_params, account = nil)
  openid = cookies.signed_or_encrypted[:we_openid]
  unionid = cookies.signed_or_encrypted[:we_unionid]
  we_token = cookies.signed_or_encrypted[:we_access_token]
  if openid.present?
    # Already authorized: reuse the identity stored in the signed/encrypted cookies
    yield openid, { 'openid' => openid, 'unionid' => unionid, 'access_token' => we_token }
  elsif params[:code].present? && params[:state] == oauth2_params[:state]
    # Callback from WeChat: state must match, then exchange the code for tokens
    access_info = wechat(account).web_access_token(params[:code])
    cookies.signed_or_encrypted[:we_openid] = { value: access_info['openid'], expires: self.class.oauth2_cookie_duration.from_now }
    cookies.signed_or_encrypted[:we_unionid] = { value: access_info['unionid'], expires: self.class.oauth2_cookie_duration.from_now }
    cookies.signed_or_encrypted[:we_access_token] = { value: access_info['access_token'], expires: self.class.oauth2_cookie_duration.from_now }
    yield access_info['openid'], access_info
  else
    # Not yet authorized: send the browser to WeChat's authorize endpoint (the off-site redirect that raises below)
    redirect_to generate_oauth2_url(oauth2_params)
  end
end
```
error:
```text
"Unsafe redirect "https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx89b14e8f3cd5b096&redirect_uri=http%3A%2F%2Fxxx%2Fwechat_test&response_type=code&scope=snsapi_base&state=d9d8ad7ec7a066297b7eb5f99add4049#wechat_redirect"
use :fallback_location to specify a fallback or :allow_other_host to redirect anyway.):
```
Then I also tried redirect_to "https://open.weixin.qq.com/connect/oauth2/authorize" directly in a controller and got the same error. It should be a Rails version issue: whenever redirect_to goes to a domain other than the current project's, this happens. You can try using redirect_to directly in a controller of your Rails 6 project; it should give the same result.
Then just submit a PR directly; write it so that it only targets Rails 6 and I'll merge it right away.
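The fix discussed in this thread is to pass allow_other_host: true to redirect_to. The example below is added here and is neither the wechat gem's code nor Rails' own: it shows how to grant that option only when the target host is on an explicit allowlist, so the OAuth bounce to open.weixin.qq.com keeps working while any other off-site location is still refused. The helper names (same_host?, redirect_options_for, TRUSTED_REDIRECT_HOSTS), the reconstructed generate_oauth2_url, and the example.test host and appid are all assumptions constructed for this example; same_host? approximates the "same host" test behind the Rails error rather than copying it.

```ruby
require 'uri'

# Constructed for this example: the only third-party host this login flow
# is ever meant to send a browser to.
WECHAT_AUTHORIZE_HOST = 'open.weixin.qq.com'.freeze
TRUSTED_REDIRECT_HOSTS = [WECHAT_AUTHORIZE_HOST].freeze

# Approximation (assumption, not copied from Rails) of the "same host" test
# behind the Unsafe redirect error: path-relative locations ("/foo" but not
# "//foo") and absolute URLs whose host equals the request host are safe.
def same_host?(location, request_host)
  host = URI.parse(location).host
  return host.casecmp?(request_host) unless host.nil?

  location.start_with?('/') && !location.start_with?('//')
rescue URI::InvalidURIError
  false
end

# Hypothetical helper deciding which options to hand to redirect_to.
# allow_other_host: true is granted only for http(s) URLs whose host is on
# the allowlist; any other off-site location raises instead of silently
# turning the login flow into an open redirect.
def redirect_options_for(location, request_host, trusted_hosts = TRUSTED_REDIRECT_HOSTS)
  return {} if same_host?(location, request_host)

  uri = URI.parse(location)
  trusted = %w[http https].include?(uri.scheme) &&
            !uri.host.nil? && trusted_hosts.include?(uri.host.downcase)
  raise ArgumentError, "refusing redirect to #{uri.host.inspect}" unless trusted

  { allow_other_host: true }
end

# Builds an authorize URL of the shape seen in the error message above
# (assumed reconstruction, not the gem's generate_oauth2_url).
def generate_oauth2_url(appid:, redirect_uri:, state:, scope: 'snsapi_base')
  query = URI.encode_www_form(
    appid: appid,
    redirect_uri: redirect_uri,
    response_type: 'code',
    scope: scope,
    state: state
  )
  "https://#{WECHAT_AUTHORIZE_HOST}/connect/oauth2/authorize?#{query}#wechat_redirect"
end

# Stand-alone walk-through with constructed values.
if $PROGRAM_NAME == __FILE__
  url = generate_oauth2_url(appid: 'wx_example_appid',
                            redirect_uri: 'http://example.test/wechat_test',
                            state: 'd9d8ad7e')
  # In the controller this would be:
  #   redirect_to url, **redirect_options_for(url, request.host)
  p redirect_options_for(url, 'example.test')            # allowlisted WeChat host
  p redirect_options_for('/wechat_test', 'example.test') # same-site path, no option needed
  begin
    redirect_options_for('//evil.example/phish', 'example.test')
  rescue ArgumentError => e
    puts "blocked: #{e.message}"
  end
end
```

Unconditionally adding allow_other_host: true to every redirect_to in a controller disables the protection the error exists for; scoping it to the provider host keeps the protection for every other redirect the controller performs.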