Remove shield for Conduit API responses · recaptime.dev/phorge@dd26bc6

@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

phorge phabricator

fork

Remove shield for Conduit API responses

Summary: 'cuz we don't need it and it's lame complexity for API clients of all kinds. Rip the band-aid off now.

Test Plan: used conduit console and verified no more shield. also did some JS stuff around the suite to verify I didn't kill JS

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T891

Differential Revision: https://secure.phabricator.com/D3265

Bob Trahan 14 years ago dd26bc6d 0f919ecd

+18 -6

3 changed files

expand all

src

aphront

response

AphrontJSONResponse.php

applications

auth

oauth

provider

PhabricatorOAuthProviderPhabricator.php

conduit

controller

PhabricatorConduitAPIController.php

+17 -2

src/aphront/response/AphrontJSONResponse.php

··· 22 22 final class AphrontJSONResponse extends AphrontResponse { 23 23 24 24 private $content; 25 + private $addJSONShield; 25 26 26 27 public function setContent($content) { 27 28 $this->content = $content; 28 29 return $this; 29 30 } 30 31 32 + public function setAddJSONShield($should_add) { 33 + $this->addJSONShield = $should_add; 34 + return $this; 35 + } 36 + 37 + public function shouldAddJSONShield() { 38 + if ($this->addJSONShield === null) { 39 + return true; 40 + } 41 + return (bool) $this->addJSONShield; 42 + } 43 + 31 44 public function buildResponseString() { 32 45 $response = $this->encodeJSONForHTTPResponse($this->content); 33 - return $this->addJSONShield($response, $use_javelin_shield = false); 46 + if ($this->shouldAddJSONShield()) { 47 + $response = $this->addJSONShield($response, $use_javelin_shield = false); 48 + } 49 + return $response; 34 50 } 35 51 36 52 public function getHeaders() { ··· 40 56 $headers = array_merge(parent::getHeaders(), $headers); 41 57 return $headers; 42 58 } 43 - 44 59 }

-2

src/applications/auth/oauth/provider/PhabricatorOAuthProviderPhabricator.php

··· 104 104 } 105 105 106 106 public function setUserData($data) { 107 - // need to strip the javascript shield from conduit 108 - $data = substr($data, 8); 109 107 $data = idx(json_decode($data, true), 'result'); 110 108 $this->validateUserData($data); 111 109 $this->userData = $data;

+1 -2

src/applications/conduit/controller/PhabricatorConduitAPIController.php

··· 164 164 case 'json': 165 165 default: 166 166 return id(new AphrontJSONResponse()) 167 + ->setAddJSONShield(false) 167 168 ->setContent($response->toDictionary()); 168 169 } 169 170 } ··· 218 219 } 219 220 220 221 // handle oauth 221 - // TODO - T897 (make error codes for OAuth more correct to spec) 222 - // and T891 (strip shield from Conduit response) 223 222 $access_token = $request->getStr('access_token'); 224 223 $method_scope = $metadata['scope']; 225 224 if ($access_token &&

Configure Feed

Configure Feed