Merge pull request openid#126 from utkarsh2102/CVE-2019-11027

tobiashm · web-flow · commit a7914e9a0945 · 2019-10-16T14:14:21.000+02:00
Perform checks first
diff --git a/lib/openid/consumer/idres.rb b/lib/openid/consumer/idres.rb
@@ -71,9 +71,9 @@ def signed_fields
       # verified information.
       def id_res
         check_for_fields
-        verify_return_to
         check_signature
         check_nonce
+        verify_return_to
         verify_discovery_results
       end
 
