author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-08-10 19:27:01 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-08-11 19:53:49 +0200 |
commit | 6dc179ee12fe86a6e70ff53630d60da3e5aecc60 (patch) | |
tree | 0b4798694b228188afca150f773cb5cbcca65a3b | |
parent | 11cf253f52ec9a133d8d22802c9070aabf7cfa4c (diff) | |
download | nextcloud-server-6dc179ee12fe86a6e70ff53630d60da3e5aecc60.tar.gz nextcloud-server-6dc179ee12fe86a6e70ff53630d60da3e5aecc60.zip |
Fix login flow form actions
So fun fact. Chrome considers a redirect after submitting a form part of
the form actions. Since we redirect to a new protocol (nc://login/),
the form submission works but the redirect fails hard.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r-- | core/Controller/ClientFlowLoginController.php | 16 | ||||
-rw-r--r-- | tests/Core/Controller/ClientFlowLoginControllerTest.php | 6 |
2 files changed, 20 insertions, 2 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 748139fe832..f049f282ce8 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -195,7 +195,10 @@ class ClientFlowLoginController extends Controller {
 );
 $this->session->set(self::stateName, $stateToken);
 
- return new StandaloneTemplateResponse(
+ $csp = new Http\ContentSecurityPolicy();
+ $csp->addAllowedFormActionDomain('nc://*');
+
+ $response = new StandaloneTemplateResponse(
 $this->appName,
 'loginflow/authpicker',
 [
@@ -209,6 +212,9 @@ class ClientFlowLoginController extends Controller {
 ],
 'guest'
 );
+
+ $response->setContentSecurityPolicy($csp);
+ return $response;
 }
 
 /**
@@ -234,7 +240,10 @@ class ClientFlowLoginController extends Controller {
 $clientName = $client->getName();
 }
 
- return new StandaloneTemplateResponse(
+ $csp = new Http\ContentSecurityPolicy();
+ $csp->addAllowedFormActionDomain('nc://*');
+
+ $response = new StandaloneTemplateResponse(
 $this->appName,
 'loginflow/grant',
 [
@@ -248,6 +257,9 @@ class ClientFlowLoginController extends Controller {
 ],
 'guest'
 );
+
+ $response->setContentSecurityPolicy($csp);
+ return $response;
 }
 
 /**
diff --git a/tests/Core/Controller/ClientFlowLoginControllerTest.php b/tests/Core/Controller/ClientFlowLoginControllerTest.php
index 73b8118a876..f35b616a68e 100644
--- a/tests/Core/Controller/ClientFlowLoginControllerTest.php
+++ b/tests/Core/Controller/ClientFlowLoginControllerTest.php
@@ -186,6 +186,9 @@ class ClientFlowLoginControllerTest extends TestCase {
 ],
 'guest'
 );
+ $csp = new Http\ContentSecurityPolicy();
+ $csp->addAllowedFormActionDomain('nc://*');
+ $expected->setContentSecurityPolicy($csp);
 
 $this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage());
 }
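Review bot: The two-line policy construction (`$csp = new Http\ContentSecurityPolicy(); $csp->addAllowedFormActionDomain('nc://*');`) is duplicated in this hunk and again in the `loginflow/grant` hunk at `@@ -234,7`, and neither copy says why a custom-scheme form-action is needed; the reason only lives in the commit message. I would move it into one private helper on the controller with a docblock carrying that reason, and have both page methods call it. `nc://*` also admits any host under the custom scheme; if `nc://login/` is the only redirect target, the allowance could presumably be narrowed to that host, though whether browsers apply host matching to form-action sources on a non-standard scheme would need to be confirmed. Both enclosing methods start before their hunks.
```php
	/**
	 * Policy for the login-flow pages. Chrome treats the redirect issued after
	 * the form submit (to nc://login/) as part of the form action, so the nc
	 * scheme has to be allowed by form-action or the redirect is blocked.
	 */
	private function getClientFlowCsp(): Http\ContentSecurityPolicy {
		$csp = new Http\ContentSecurityPolicy();
		$csp->addAllowedFormActionDomain('nc://*');
		return $csp;
	}

	// … in both page methods, replacing the two inline lines:
	$csp = $this->getClientFlowCsp();
```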
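Review bot: The expected response in this test hunk (and in the `@@ -245,6` hunk that follows) is built with the same two `ContentSecurityPolicy` calls as the controller, so `assertEquals` only confirms that the controller did what the test repeats, not that the emitted policy actually allows the client-flow redirect. One additional assertion on the serialized policy of the returned response, e.g. `$this->assertStringContainsString('nc://*', $response->getContentSecurityPolicy()->buildPolicy());`, would pin the header value itself; the exact `form-action` line depends on the policy class's defaults, so I would assert on the `nc://*` source only.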
@@ -245,6 +248,9 @@ class ClientFlowLoginControllerTest extends TestCase {
 ],
 'guest'
 );
+ $csp = new Http\ContentSecurityPolicy();
+ $csp->addAllowedFormActionDomain('nc://*');
+ $expected->setContentSecurityPolicy($csp);
 
 $this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier'));
 } |