mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-10 17:02:41 +01:00
Fix Facebook login on mobile violating CSP after form redirect
Summary: Fixes T13254. See that task for details. Test Plan: Used iOS Simulator to do a login locally, didn't get blocked. Verified CSP includes "m.facebook.com". Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13254 Differential Revision: https://secure.phabricator.com/D20206
This commit is contained in:
parent
90064a350a
commit
701a9bc339
1 changed files with 8 additions and 11 deletions
|
@ -47,6 +47,14 @@ final class PhabricatorFacebookAuthProvider
|
||||||
return 'Facebook';
|
return 'Facebook';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function getContentSecurityPolicyFormActions() {
|
||||||
|
return array(
|
||||||
|
// See T13254. After login with a mobile device, Facebook may redirect
|
||||||
|
// to the mobile site.
|
||||||
|
'https://m.facebook.com/',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
public function readFormValuesFromProvider() {
|
public function readFormValuesFromProvider() {
|
||||||
$require_secure = $this->getProviderConfig()->getProperty(
|
$require_secure = $this->getProviderConfig()->getProperty(
|
||||||
self::KEY_REQUIRE_SECURE);
|
self::KEY_REQUIRE_SECURE);
|
||||||
|
@ -114,15 +122,4 @@ final class PhabricatorFacebookAuthProvider
|
||||||
return parent::renderConfigPropertyTransactionTitle($xaction);
|
return parent::renderConfigPropertyTransactionTitle($xaction);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function getFacebookApplicationID() {
|
|
||||||
$providers = PhabricatorAuthProvider::getAllProviders();
|
|
||||||
$fb_provider = idx($providers, 'facebook:facebook.com');
|
|
||||||
if (!$fb_provider) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
return $fb_provider->getProviderConfig()->getProperty(
|
|
||||||
self::PROPERTY_APP_ID);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue