Change issued by constraint to be allowed domains

northcreation-agency · Mar 1, 2023 · 2d4201c · 2d4201c
1 parent e73a6fa
commit 2d4201c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Authentication/JWTAuthenticator.php b/src/Authentication/JWTAuthenticator.php
@@ -595,7 +595,7 @@ protected function validateParsedToken(UnencryptedToken $parsedToken, HTTPreques
         // @todo - upgrade
         // @see https://lcobucci-jwt.readthedocs.io/en/latest/upgrading/#replace-tokenverify-and-tokenvalidate-with-validation-api
         $this->config->setValidationConstraints(
-            new IssuedBy($request->getHeader('Origin')),
+            new IssuedBy(...$this->getAllowedDomains()),
             new PermittedFor(Director::absoluteBaseURL()),
             new IdentifiedBy($record->UID),
             new StrictValidAt(new SystemClock(new DateTimeZone(date_default_timezone_get()))),