mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-27 16:00:59 +01:00
Fix Facebook login on mobile violating CSP after form redirect
Summary: Fixes T13254. See that task for details. Test Plan: Used iOS Simulator to do a login locally, didn't get blocked. Verified CSP includes "m.facebook.com". Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13254 Differential Revision: https://secure.phabricator.com/D20206
This commit is contained in:
parent
90064a350a
commit
701a9bc339
1 changed files with 8 additions and 11 deletions
|
@ -47,6 +47,14 @@ final class PhabricatorFacebookAuthProvider
|
|||
return 'Facebook';
|
||||
}
|
||||
|
||||
protected function getContentSecurityPolicyFormActions() {
|
||||
return array(
|
||||
// See T13254. After login with a mobile device, Facebook may redirect
|
||||
// to the mobile site.
|
||||
'https://m.facebook.com/',
|
||||
);
|
||||
}
|
||||
|
||||
public function readFormValuesFromProvider() {
|
||||
$require_secure = $this->getProviderConfig()->getProperty(
|
||||
self::KEY_REQUIRE_SECURE);
|
||||
|
@ -114,15 +122,4 @@ final class PhabricatorFacebookAuthProvider
|
|||
return parent::renderConfigPropertyTransactionTitle($xaction);
|
||||
}
|
||||
|
||||
public static function getFacebookApplicationID() {
|
||||
$providers = PhabricatorAuthProvider::getAllProviders();
|
||||
$fb_provider = idx($providers, 'facebook:facebook.com');
|
||||
if (!$fb_provider) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $fb_provider->getProviderConfig()->getProperty(
|
||||
self::PROPERTY_APP_ID);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue