1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 17:02:41 +01:00

Fix Facebook login on mobile violating CSP after form redirect

Summary: Fixes T13254. See that task for details.

Test Plan: Used iOS Simulator to do a login locally, didn't get blocked. Verified CSP includes "m.facebook.com".

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13254

Differential Revision: https://secure.phabricator.com/D20206
This commit is contained in:
epriestley 2019-02-22 16:28:43 -08:00
parent 90064a350a
commit 701a9bc339

View file

@ -47,6 +47,14 @@ final class PhabricatorFacebookAuthProvider
return 'Facebook'; return 'Facebook';
} }
protected function getContentSecurityPolicyFormActions() {
return array(
// See T13254. After login with a mobile device, Facebook may redirect
// to the mobile site.
'https://m.facebook.com/',
);
}
public function readFormValuesFromProvider() { public function readFormValuesFromProvider() {
$require_secure = $this->getProviderConfig()->getProperty( $require_secure = $this->getProviderConfig()->getProperty(
self::KEY_REQUIRE_SECURE); self::KEY_REQUIRE_SECURE);
@ -114,15 +122,4 @@ final class PhabricatorFacebookAuthProvider
return parent::renderConfigPropertyTransactionTitle($xaction); return parent::renderConfigPropertyTransactionTitle($xaction);
} }
public static function getFacebookApplicationID() {
$providers = PhabricatorAuthProvider::getAllProviders();
$fb_provider = idx($providers, 'facebook:facebook.com');
if (!$fb_provider) {
return null;
}
return $fb_provider->getProviderConfig()->getProperty(
self::PROPERTY_APP_ID);
}
} }