Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-67528

Use 127.0.0.1 instead of localhost for redirect_uri in QOAuth2AuthorizationCodeFlow

    XMLWordPrintable

Details

    • c85304484261af2fc046c909087549799a5979f9 (qt/qtnetworkauth/5.12)

    Description

      When I'm using QOAuth2AuthorizationCodeFlow, together with the QOAuthHttpServerReplyHandler, it uses http://localhost:{PORT}/ as the redirect uri. However, in section 8.3 of RFC 8252 (https://tools.ietf.org/html/rfc8252#section-8.3), it is specifically NOT RECOMMENDED to use localhost, but instead to use 127.0.0.1.

      I would say that it is better to follow this by default, but at least make it configurable.

      Attachments

        Issue Links

          is replaced by

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-130159 [Reg 6.6.3 -> 6.7] QOAuth2AuthorizationCodeFlow uses "localhost" as the redirect URI when it should be "127.0.0.1"

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          For Gerrit Dashboard: QTBUG-67528
          # Subject Branch Project Status CR V
          246139,3 Use 127.0.0.1 for redirect URI 5.12 qt/qtnetworkauth Status: MERGED +2 0

          Activity

            People

              jefernan Jesus Fernandez
              jharmannij jharmannij
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes