12 lines
801 B
Diff
12 lines
801 B
Diff
diff --git a/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts b/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
|
|
--- a/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
|
|
+++ b/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
|
|
@@ -74,7 +74,7 @@
|
|
// @TODO Consider removing this altogether to allow hosting PDS and app on
|
|
// the same site but different origins (different subdomains).
|
|
- validateFetchSite(req, ['same-origin', 'cross-site', 'none'])
|
|
+ validateFetchSite(req, ['same-origin', 'same-site', 'cross-site', 'none'])
|
|
validateFetchMode(req, ['navigate'])
|
|
validateFetchDest(req, ['document'])
|
|
validateOrigin(req, issuerOrigin)
|