fix(server): Remove XSS vulnerability. Fixes argoproj#3942 (argoproj#…

…3975)
highb · Sep 10, 2020 · 7b1d17a · 7b1d17a
1 parent 20c518c
commit 7b1d17a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/server/auth/sso/sso.go b/server/auth/sso/sso.go
@@ -147,7 +147,7 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
  }
  if state != cookie.Value {
  w.WriteHeader(401)
- _, _ = w.Write([]byte(fmt.Sprintf("invalid state: %s", state)))
+ _, _ = w.Write([]byte("invalid state: does not match cookie value"))
  return
  }
  oauth2Token, err := s.config.Exchange(ctx, r.URL.Query().Get("code"))