From d1415f001a922e661b9a02c21db8029e25ad7119 Mon Sep 17 00:00:00 2001
From: Bob Florian <bob@smartthings.com>
Date: Tue, 3 Sep 2024 08:38:12 -0400
Subject: [PATCH] Allow port number in callback URLs of API_ONLY apps.

---
 packages/lib/src/__tests__/validate-util.test.ts | 2 ++
 packages/lib/src/validate-util.ts                | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/lib/src/__tests__/validate-util.test.ts b/packages/lib/src/__tests__/validate-util.test.ts
index 80d018f8..0958fced 100644
--- a/packages/lib/src/__tests__/validate-util.test.ts
+++ b/packages/lib/src/__tests__/validate-util.test.ts
@@ -170,6 +170,8 @@ describe('localhostOrHTTPSValidate', () => {
 		'https://www.adafruit.com/category/168',
 		'http://localhost/path/to/fun',
 		'http://127.0.0.1',
+		'http://localhost:3000',
+		'http://127.0.0.1:3000/callback',
 	])('accepts "%s" when https is required', (input) => {
 		expect(localhostOrHTTPSValidate(input)).toBe(true)
 	})
diff --git a/packages/lib/src/validate-util.ts b/packages/lib/src/validate-util.ts
index e94d933f..0c392af0 100644
--- a/packages/lib/src/validate-util.ts
+++ b/packages/lib/src/validate-util.ts
@@ -99,7 +99,7 @@ const urlValidateFn = (options?: URLValidateFnOptions): ValidateFunction => {
 			if (options?.httpsRequired) {
 				if (options.allowLocalhostHTTP) {
 					return url.protocol === 'https:' ||
-						url.protocol === 'http:' && allowedHTTPHosts.includes(url.host) ||
+						url.protocol === 'http:' && allowedHTTPHosts.includes(url.hostname) ||
 						'https is required except for localhost'
 				}
 				return url.protocol === 'https:' || 'https protocol is required'