
Fix login flow form actions

So fun fact: Chrome considers a redirect after submitting a form part of
the form actions. Since we redirect to a new protocol (nc://login/),
the form submission works but the redirect fails hard.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
tags/v17.0.0beta1
Roeland Jago Douma 4 years ago
parent
commit
6dc179ee12

+ 14
- 2
core/Controller/ClientFlowLoginController.php View File

@@ -195,7 +195,10 @@ class ClientFlowLoginController extends Controller {
);
$this->session->set(self::stateName, $stateToken);

return new StandaloneTemplateResponse(
$csp = new Http\ContentSecurityPolicy();
$csp->addAllowedFormActionDomain('nc://*');

$response = new StandaloneTemplateResponse(
$this->appName,
'loginflow/authpicker',
[
@@ -209,6 +212,9 @@ class ClientFlowLoginController extends Controller {
],
'guest'
);

$response->setContentSecurityPolicy($csp);
return $response;
}

/**
@@ -234,7 +240,10 @@ class ClientFlowLoginController extends Controller {
$clientName = $client->getName();
}

return new StandaloneTemplateResponse(
$csp = new Http\ContentSecurityPolicy();
$csp->addAllowedFormActionDomain('nc://*');

$response = new StandaloneTemplateResponse(
$this->appName,
'loginflow/grant',
[
@@ -248,6 +257,9 @@ class ClientFlowLoginController extends Controller {
],
'guest'
);

$response->setContentSecurityPolicy($csp);
return $response;
}

/**
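Review bot: The `form-action` exception added with `$csp->addAllowedFormActionDomain('nc://*');` in both the authpicker and the grant response is wider than the single target the commit message names (`nc://login/`), and nothing in the code says why the policy is relaxed. If clients only ever receive `nc://login/…`, the narrower source `nc://login` would keep the allowance to what the flow needs; whether browsers match a host on this custom scheme the same way should be checked before changing it. Either way a comment above the call, such as `// Chrome applies form-action to the redirect that follows the POST; the flow ends on nc://login/`, would stop a later cleanup from removing it. The grant method also has a `$client` branch (`$client->getName()`); if that path redirects to a client-supplied URI rather than `nc://`, this policy presumably does not cover it. Both method bodies start outside the hunks shown.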

+ 6
- 0
tests/Core/Controller/ClientFlowLoginControllerTest.php View File

@@ -186,6 +186,9 @@ class ClientFlowLoginControllerTest extends TestCase {
],
'guest'
);
$csp = new Http\ContentSecurityPolicy();
$csp->addAllowedFormActionDomain('nc://*');
$expected->setContentSecurityPolicy($csp);
$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage());
}

@@ -245,6 +248,9 @@ class ClientFlowLoginControllerTest extends TestCase {
],
'guest'
);
$csp = new Http\ContentSecurityPolicy();
$csp->addAllowedFormActionDomain('nc://*');
$expected->setContentSecurityPolicy($csp);
$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier'));
}
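Review bot: Both updated expectations call `showAuthPickerPage()`, so the policy added to the `'loginflow/grant'` response has no assertion in the hunks shown; a matching expectation in the grant page test would catch its removal. The expected object is built with the same `addAllowedFormActionDomain('nc://*')` call as the controller, which only proves the two objects are equal; an assertion on the rendered header text would additionally pin that `form-action` really carries `nc://*`. The test methods start outside the hunks shown.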

