
Always check redirect_uri for oauth

Carlos Quintana 3 năm trước cách đây
mục cha
commit
97480d3996
2 tập tin đã thay đổi với 3 bổ sung3 xóa
  1. 2 2
      app/oauth/views/authorize.py
  2. 1 1
      templates/oauth/authorize.html

+ 2 - 2
app/oauth/views/authorize.py

@@ -72,16 +72,16 @@ def authorize():
     if not client:
         return redirect(url_for("auth.login"))
 
-    # check if redirect_uri is valid
     # allow localhost by default
     # allow any redirect_uri if the app isn't approved
     hostname, scheme = get_host_name_and_scheme(redirect_uri)
-    if hostname != "localhost" and hostname != "127.0.0.1" and client.approved:
+    if hostname != "localhost" and hostname != "127.0.0.1":
         # support custom scheme for mobile app
         if scheme == "http":
             final_redirect_uri = f"{redirect_uri}?error=http_not_allowed"
             return redirect(final_redirect_uri)
 
+        # check if redirect_uri is valid
         if not RedirectUri.get_by(client_id=client.id, uri=redirect_uri):
             final_redirect_uri = f"{redirect_uri}?error=unknown_redirect_uri"
             return redirect(final_redirect_uri)
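Review bot: The context comment `# allow any redirect_uri if the app isn't approved` is now false, because the hunk drops the `client.approved` condition from the `if`, so the comment describes the behaviour this commit removes; it should read `# redirect_uri is validated for every client, approved or not`. Separately, both error branches still send the browser to the unchecked `redirect_uri` (the `?error=http_not_allowed` and `?error=unknown_redirect_uri` redirects), which is the one case where OAuth (RFC 6749 §3.1.2.4) says the authorization server must not redirect and should instead show the resource owner an error; rendering an error response such as `abort(400)` there would close that open-redirect path. The `f"{redirect_uri}?error=..."` concatenation also produces a malformed URL when the URI already carries a query string, though that becomes moot if the redirect is removed. The enclosing `authorize()` function starts and ends outside the hunk.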

+ 1 - 1
templates/oauth/authorize.html

@@ -36,7 +36,7 @@
   <form class="card" method="post" data-parsley-validate style="max-width: 40rem; margin: auto; border-radius: 2%">
     {% if not client.approved %}
       <div class="alert alert-warning" style="border-bottom: 3px solid;">
-        <b>{{ client.name }}</b> is in Dev Mode and isn't approved (yet) by SimpleLogin.
+        <b>{{ client.name }}</b> is in Dev Mode and isn't approved (yet) by SimpleLogin. <b>Please make sure you trust {{ client.name }} before proceeding.</b>
       </div>
     {% endif %}