fix: enforce https callback url

hotosm · Jul 24, 2024 · 79d3347 · 79d3347
1 parent 628f5cd
commit 79d3347
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/backend/app/users/oauth_routes.py b/src/backend/app/users/oauth_routes.py
@@ -39,7 +39,9 @@ async def login_url(google_auth=Depends(init_google_auth)):
 async def callback(request: Request, google_auth=Depends(init_google_auth)):
     """Performs token exchange between Google and DTM API"""
 
-    callback_url = str(request.url)
+    # Enforce https callback url
+    callback_url = str(request.url).replace("http://", "https://")
+
     access_token = google_auth.callback(callback_url).get("access_token")
 
     user_data = google_auth.deserialize_access_token(access_token)