From c1ea8f9e7df821fcedefee206efaca8a2a305b97 Mon Sep 17 00:00:00 2001
From: Johannes Marbach <n0-0ne+github@mailbox.org>
Date: Mon, 24 Nov 2025 11:49:41 +0100
Subject: [PATCH] Add pattern restriction

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
---
 data/api/client-server/definitions/m.oauth_params.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/api/client-server/definitions/m.oauth_params.yaml b/data/api/client-server/definitions/m.oauth_params.yaml
index d6e35dc1..cf64da8e 100644
--- a/data/api/client-server/definitions/m.oauth_params.yaml
+++ b/data/api/client-server/definitions/m.oauth_params.yaml
@@ -24,6 +24,7 @@ properties:
       A URL pointing to the homeserver's OAuth account management web UI
       where the user can approve the action. MUST be a valid URI with scheme
       `http://` or `https://`, the latter being RECOMMENDED.
+    pattern: "^https?://"
 example: {
     "url": "https://example.org/account/reset-cross-signing"
 }