84e65afffd
Backport #28266 by @earl-warren - When crafting the OAuth2 callbackURL take into account `appSubUrl`, which is quite safe given that its strictly formatted. - No integration testing as this is all done in Javascript. - Resolves https://codeberg.org/forgejo/forgejo/issues/1795 (cherry picked from commit 27cb6b7956136f87aa78067d9adb5a4c4ce28a24) Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com> Co-authored-by: Gusted <postmaster@gusted.xyz>