-
Committer:
Nick Moffitt
-
Date:
2016-07-18 13:35:11 UTC
-
Revision ID:
nick.moffitt@canonical.com-20160718133511-jyjz03zczflvxwpm
Security fix found and suggested by Alyssa Milburn.
This actually allows the nonce check to force the login process to error out entirely. Without this, the system accepts forged last-step requests that contain valid openid URIs.