Fix Facebook login on mobile violating CSP after form redirect

Summary: Fixes T13254. See that task for details.

Test Plan: Used iOS Simulator to do a login locally, didn't get blocked. Verified CSP includes "m.facebook.com".

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13254

Differential Revision: https://secure.phabricator.com/D20206

src/applications/auth/provider/PhabricatorFacebookAuthProvider.php

@@ -47,6 +47,14 @@ final class PhabricatorFacebookAuthProvider
     return 'Facebook';
   }
 
+  protected function getContentSecurityPolicyFormActions() {
+    return array(
+      // See T13254. After login with a mobile device, Facebook may redirect
+      // to the mobile site.
+      'https://m.facebook.com/',
+    );
+  }
+
   public function readFormValuesFromProvider() {
     $require_secure = $this->getProviderConfig()->getProperty(
       self::KEY_REQUIRE_SECURE);
@@ -114,15 +122,4 @@ final class PhabricatorFacebookAuthProvider
     return parent::renderConfigPropertyTransactionTitle($xaction);
   }
 
-  public static function getFacebookApplicationID() {
-    $providers = PhabricatorAuthProvider::getAllProviders();
-    $fb_provider = idx($providers, 'facebook:facebook.com');
-    if (!$fb_provider) {
-      return null;
-    }
-
-    return $fb_provider->getProviderConfig()->getProperty(
-      self::PROPERTY_APP_ID);
-  }
-
 }