Perform a client-side redirect after OAuth server authorization

Summary: Ref T13099. See that task for discussion. Chrome is unhappy with an MFA form submitting to an endpoint which redirects you to an OAuth URI. Instead, do the redirect entirely on the client. Chrome's rationale here isn't obvious, so we may be able to revert this at some point. Test Plan: Went through the OAuth flow locally, was redirected on the client. Will verify in production. Maniphest Tasks: T13099 Differential Revision: https://secure.phabricator.com/D19177
2018-03-06 10:25:05 -08:00
parent f392896209
commit dbccfb234f
3 changed files with 42 additions and 3 deletions
--- a/resources/celerity/map.php
+++ b/resources/celerity/map.php
@@ -502,6 +502,7 @@ return array(
    'rsrc/js/core/behavior-phabricator-nav.js' => '836f966d',
    'rsrc/js/core/behavior-phabricator-remarkup-assist.js' => 'acd29eee',
    'rsrc/js/core/behavior-read-only-warning.js' => 'ba158207',
+    'rsrc/js/core/behavior-redirect.js' => '0213259f',
    'rsrc/js/core/behavior-refresh-csrf.js' => 'ab2f381b',
    'rsrc/js/core/behavior-remarkup-preview.js' => '4b700e9e',
    'rsrc/js/core/behavior-reorder-applications.js' => '76b9fc3e',
@@ -686,6 +687,7 @@ return array(
    'javelin-behavior-project-create' => '065227cc',
    'javelin-behavior-quicksand-blacklist' => '7927a7d3',
    'javelin-behavior-read-only-warning' => 'ba158207',
+    'javelin-behavior-redirect' => '0213259f',
    'javelin-behavior-refresh-csrf' => 'ab2f381b',
    'javelin-behavior-releeph-preview-branch' => 'b2b4fbaf',
    'javelin-behavior-releeph-request-state-change' => 'a0b57eb8',
@@ -934,6 +936,10 @@ return array(
      'javelin-dom',
      'phabricator-keyboard-shortcut',
    ),
+    '0213259f' => array(
+      'javelin-behavior',
+      'javelin-uri',
+    ),
    '04b2ae03' => array(
      'javelin-install',
      'javelin-util',