24596852431
85%
master: 85%

Ran 18 Apr 2026 04:27AM UTC

Jobs 1

Files 24

Run time 1min

Badge

Embed ▾

Committed 18 Apr 2026 04:25AM UTC coverage: 84.247%. Remained the same

Build # 24596852431

Build Type

Pull #275

github

Committed by

paskal

Commit Message

fix(provider): make redirect host check opt-in (nil = permissive)

Per maintainer review on PR #275: a dependency bump must not silently
change behaviour for existing consumers. Flip the default so that a nil
Opts.AllowedRedirectHosts means "no host check" (preserves pre-feature
behaviour); the validator only runs when the consumer explicitly sets
the field.

When non-nil:
* Opts.URL host is always implicit (single-host deployments enable the
  policy with `func() ([]string, error) { return nil, nil }`).
* Hostname comparison ignores port (https://x and https://x:443 match).
* Relative/unparseable URLs are rejected.

Test table reorganised to cover the permissive default explicitly and to
mark every "policy on" case with a non-nil allowlist. Integration tests
in oauth1/oauth2/apple/verify get a paramOpts variadic on their setup
helpers so the rejection tests can flip the policy on.

README rewritten to make the opt-in nature clear.

Pull Request Pull Request #275: fix: validate "from" redirect target in OAuth/verify flows

Coverage Stats

2706 of 3212 relevant lines covered (84.25%)

7.27 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	24596852431.1	18 Apr 2026 04:27AM UTC	24	84.25	GitHub Action Run

go-pkgz / auth / 24596852431
85%
master: 85%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24596852431

go-pkgz / auth / 24596852431 85% master: 85%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24596852431

go-pkgz / auth / 24596852431
85%
master: 85%

README BADGES
x