Remove shield for Conduit API responses

Summary: 'cuz we don't need it and it's lame complexity for API clients of all kinds. Rip the band-aid off now. Test Plan: used conduit console and verified no more shield. also did some JS stuff around the suite to verify I didn't kill JS Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T891 Differential Revision: https://secure.phabricator.com/D3265
2025-02-23 03:59:25 +01:00 · 2012-08-13 14:49:32 -07:00 · 2012-08-13 14:49:32 -07:00 · dd26bc6d1a
commit dd26bc6d1a
parent 0f919ecd3c
3 changed files with 18 additions and 6 deletions
--- a/src/aphront/response/AphrontJSONResponse.php
+++ b/src/aphront/response/AphrontJSONResponse.php
@ -22,15 +22,31 @@
 final class AphrontJSONResponse extends AphrontResponse {

  private $content;
+  private $addJSONShield;

  public function setContent($content) {
    $this->content = $content;
    return $this;
  }

+  public function setAddJSONShield($should_add) {
+    $this->addJSONShield = $should_add;
+    return $this;
+  }
+
+  public function shouldAddJSONShield() {
+    if ($this->addJSONShield === null) {
+      return true;
+    }
+    return (bool) $this->addJSONShield;
+  }
+
  public function buildResponseString() {
    $response = $this->encodeJSONForHTTPResponse($this->content);
-    return $this->addJSONShield($response, $use_javelin_shield = false);
+    if ($this->shouldAddJSONShield()) {
+      $response = $this->addJSONShield($response, $use_javelin_shield = false);
+    }
+    return $response;
  }

  public function getHeaders() {
@ -40,5 +56,4 @@ final class AphrontJSONResponse extends AphrontResponse {
    $headers = array_merge(parent::getHeaders(), $headers);
    return $headers;
  }
-
 }
--- a/src/applications/auth/oauth/provider/PhabricatorOAuthProviderPhabricator.php
+++ b/src/applications/auth/oauth/provider/PhabricatorOAuthProviderPhabricator.php
@ -104,8 +104,6 @@ extends PhabricatorOAuthProvider {
  }

  public function setUserData($data) {
-    // need to strip the javascript shield from conduit
-    $data = substr($data, 8);
    $data = idx(json_decode($data, true), 'result');
    $this->validateUserData($data);
    $this->userData = $data;
--- a/src/applications/conduit/controller/PhabricatorConduitAPIController.php
+++ b/src/applications/conduit/controller/PhabricatorConduitAPIController.php
@ -164,6 +164,7 @@ final class PhabricatorConduitAPIController
      case 'json':
      default:
        return id(new AphrontJSONResponse())
+          ->setAddJSONShield(false)
          ->setContent($response->toDictionary());
    }
  }
@ -218,8 +219,6 @@ final class PhabricatorConduitAPIController
    }

    // handle oauth
-    // TODO - T897 (make error codes for OAuth more correct to spec)
-    // and T891 (strip shield from Conduit response)
    $access_token = $request->getStr('access_token');
    $method_scope = $metadata['scope'];
    if ($access_token &&