archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Fix Facebook login on mobile violating CSP after form redirect

Browse Source 
Summary: Fixes T13254. See that task for details.

Test Plan: Used iOS Simulator to do a login locally, didn't get blocked. Verified CSP includes "m.facebook.com".

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13254

Differential Revision: https://secure.phabricator.com/D20206
This commit is contained in:
epriestley
2019-02-22 16:28:43 -08:00
parent 90064a350a
commit 701a9bc339
1 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/applications/auth/provider/PhabricatorFacebookAuthProvider.php
View File

@@ -47,6 +47,14 @@ final class PhabricatorFacebookAuthProvider
return 'Facebook'; return 'Facebook';
} }
protected function getContentSecurityPolicyFormActions() {
return array(
// See T13254. After login with a mobile device, Facebook may redirect
// to the mobile site.
'https://m.facebook.com/',
);
}
public function readFormValuesFromProvider() { public function readFormValuesFromProvider() {
$require_secure = $this->getProviderConfig()->getProperty( $require_secure = $this->getProviderConfig()->getProperty(
self::KEY_REQUIRE_SECURE); self::KEY_REQUIRE_SECURE);
@@ -114,15 +122,4 @@ final class PhabricatorFacebookAuthProvider
return parent::renderConfigPropertyTransactionTitle($xaction); return parent::renderConfigPropertyTransactionTitle($xaction);
} }
public static function getFacebookApplicationID() {
$providers = PhabricatorAuthProvider::getAllProviders();
$fb_provider = idx($providers, 'facebook:facebook.com');
if (!$fb_provider) {
return null;
}
return $fb_provider->getProviderConfig()->getProperty(
self::PROPERTY_APP_ID);
}
} }