1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-11 17:32:41 +01:00
phorge-phorge/src/applications/auth/controller/oauthregistration
epriestley ecd4b03a4e Unbreak OAuth Registration
Summary:
@vrana patched an important external-CSRF-leaking hole recently (D1558), but
since we are sloppy in building this form it got caught in the crossfire.

We set action to something like "http://this.server.com/oauth/derp/", but that
triggers CSRF protection by removing CSRF tokens from the form. This makes OAuth
login not work.

Instead, use the local path only so we generate a CSRF token.

Test Plan: Registered locally via oauth.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran, epriestley, demo

Maniphest Tasks: T853

Differential Revision: https://secure.phabricator.com/D1597
2012-02-08 13:42:48 -08:00
..
base Preserve "next" URI by using OAuth 'state' parameter 2011-03-07 22:00:57 -08:00
default Unbreak OAuth Registration 2012-02-08 13:42:48 -08:00