)]}'
{
  "commit": "9398c7877ab279303a29cb01120d681433d30a6b",
  "tree": "c0401941572172b603c50da58bc8d70466265550",
  "parents": [
    "b34da26abc259a239fe3828c6bf37ebb47016d8c"
  ],
  "author": {
    "name": "Alvaro Vilaplana Garcia",
    "email": "alvaro.vilaplana@gmail.com",
    "time": "Wed Aug 30 10:35:50 2023 +0100"
  },
  "committer": {
    "name": "Alvaro Vilaplana Garcia",
    "email": "alvaro.vilaplana@gmail.com",
    "time": "Sat Sep 02 10:38:57 2023 +0100"
  },
  "message": "Build OAuth redirect URL when X-Forwarded-Host is present\n\nIn the past, when a Gerrit multi-site topology was used featuring a\nprimary domain, i.e example.com (serving as a geo-location load\nbalancer), along with multiple Gerrit sites like review-1.example.com\nand review-2.example.com, the initiation of the GitHub sign-in flow\nwithin any of the Gerrit sites triggered a redirection to GitHub,\nreferred to as the user\u0027s GitHub identity request [1]. During this\nprocess, the redirect_uri query parameter was constructed using\ninformation from the gerrit.canonicalWebUrl property defined in the\netc/gerrit.config file [2]. It\u0027s important to note that this property\noccasionally contained a URL with a host matching the primary domain,\nexample.com. Consequently, when users attempted to sign in via GitHub,\nthey were redirected to this main domain.\n\nHowever, with this updated approach, the redirect_uri is now constructed\nbased on the X-Forwarded-Host header if it is present in the request\n(otherwise from gerrit.canonicalWebUrl). This means that when a sign-in\nflow is initiated, for instance, from review-1.example.com, the\nForwarded-Host header will accurately contain the value\nreview-1.example.com. As a result, the redirection URL will utilize this\nvalue as its host.\n\nReferences:\n[1] https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#web-application-flow\n[2] https://gerrit-review.googlesource.com/Documentation/config-gerrit.html\n\nBug: Issue 297231231\nChange-Id: I233824a202041c7a7d1905ef784ae2b6f8d23160\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "5a950193701bd150a7bc5de1b2aa7f78c99110e1",
      "old_mode": 33188,
      "old_path": "README.md",
      "new_id": "812657cb1143899f39939aee37e37c5701a0d9fc",
      "new_mode": 33188,
      "new_path": "README.md"
    },
    {
      "type": "modify",
      "old_id": "7ef81d1f10b664ab24aafd76f4219bc38e3eec9d",
      "old_mode": 33188,
      "old_path": "github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubOAuthConfig.java",
      "new_id": "6c47ea7fc26884edb12233f496ca5ad0cbdd2f50",
      "new_mode": 33188,
      "new_path": "github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubOAuthConfig.java"
    }
  ]
}