fix(auth): apply URL sanitization when opening authorization link

2025-12-27 12:51:26 +08:00 · 2025-07-18 12:25:25 +08:00 · 2025-07-18 12:25:25 +08:00 · 6f73e93e9b
commit 6f73e93e9b
parent e141b4771c
1 changed files with 2 additions and 2 deletions
--- a/src/main/services/mcp/oauth/provider.ts
+++ b/src/main/services/mcp/oauth/provider.ts
@ -4,8 +4,8 @@ import { loggerService } from '@logger'
 import { getConfigDir } from '@main/utils/file'
 import { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth'
 import { OAuthClientInformation, OAuthClientInformationFull, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth'
-import { sanitizeUrl } from 'strict-url-sanitise'
 import open from 'open'
+import { sanitizeUrl } from 'strict-url-sanitise'

 import { JsonFileStorage } from './storage'
 import { OAuthProviderOptions } from './types'
@ -63,7 +63,7 @@ export class McpOAuthClientProvider implements OAuthClientProvider {
  async redirectToAuthorization(authorizationUrl: URL): Promise<void> {
    try {
      // Open the browser to the authorization URL
-      await open(authorizationUrl.toString())
+      await open(sanitizeUrl(authorizationUrl.toString()))
      logger.debug('Browser opened automatically.')
    } catch (error) {
      logger.error('Could not open browser automatically.')