recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix Facebook login on mobile violating CSP after form redirect

Summary: Fixes T13254. See that task for details.

Test Plan: Used iOS Simulator to do a login locally, didn't get blocked. Verified CSP includes "m.facebook.com".

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13254

Differential Revision: https://secure.phabricator.com/D20206

epriestley 701a9bc3 90064a35

+8 -11
+8 -11
src/applications/auth/provider/PhabricatorFacebookAuthProvider.php
··· 47 47 return 'Facebook'; 48 48 } 49 49 50 + protected function getContentSecurityPolicyFormActions() { 51 + return array( 52 + // See T13254. After login with a mobile device, Facebook may redirect 53 + // to the mobile site. 54 + 'https://m.facebook.com/', 55 + ); 56 + } 57 + 50 58 public function readFormValuesFromProvider() { 51 59 $require_secure = $this->getProviderConfig()->getProperty( 52 60 self::KEY_REQUIRE_SECURE); ··· 112 120 } 113 121 114 122 return parent::renderConfigPropertyTransactionTitle($xaction); 115 - } 116 - 117 - public static function getFacebookApplicationID() { 118 - $providers = PhabricatorAuthProvider::getAllProviders(); 119 - $fb_provider = idx($providers, 'facebook:facebook.com'); 120 - if (!$fb_provider) { 121 - return null; 122 - } 123 - 124 - return $fb_provider->getProviderConfig()->getProperty( 125 - self::PROPERTY_APP_ID); 126 123 } 127 124 128 125 }