ecd4b03a4e563909ec66ce396751e0e27f55251e
Summary: @vrana patched an important external-CSRF-leaking hole recently (D1558), but since we are sloppy in building this form it got caught in the crossfire. We set action to something like "http://this.server.com/oauth/derp/", but that triggers CSRF protection by removing CSRF tokens from the form. This makes OAuth login not work. Instead, use the local path only so we generate a CSRF token. Test Plan: Registered locally via oauth. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran, epriestley, demo Maniphest Tasks: T853 Differential Revision: https://secure.phabricator.com/D1597
Phabricator is a open source collection of web applications which make it easier to write, review, and share source code. Phabricator was developed at Facebook. This is an early release. It's pretty high-quality and usable, but under active development so things may change quickly. You can learn more about the project and find links to documentation and resources at: http://phabricator.org/ LICENSE Phabricator is released under the Apache 2.0 license except as otherwise noted. http://www.apache.org/licenses/LICENSE-2.0
Description
Languages
PHP
93.4%
JavaScript
4.1%
CSS
2.4%