fix(error-redirect): use query-safe fragment as recommended in the la…

…test OAuth 2 security best practices
DuendeSoftware · Dec 15, 2024 · 4be69fd · 4be69fd
1 parent 8458ae0
commit 4be69fd
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/identity-server/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs b/identity-server/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs
@@ -177,8 +177,8 @@ private string BuildRedirectUri(AuthorizeResponse response)
 
         if (response.IsError && !uri.Contains('#'))
         {
-            // https://tools.ietf.org/html/draft-bradley-oauth-open-redirector-00
-            uri += "#_=_";
+            // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-29#section-4.1.3
+            uri += "#_";
         }
 
         return uri;