Fix login flow form actions
So fun fact. Chrome considers a redirect after submitting a form part of the form actions. Since we redirect to a new protocol (nc://login/). Causing the form submission to work but the redirect failing hard. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
11cf253f52
commit
6dc179ee12
|
@ -195,7 +195,10 @@ class ClientFlowLoginController extends Controller {
|
|||
);
|
||||
$this->session->set(self::stateName, $stateToken);
|
||||
|
||||
return new StandaloneTemplateResponse(
|
||||
$csp = new Http\ContentSecurityPolicy();
|
||||
$csp->addAllowedFormActionDomain('nc://*');
|
||||
|
||||
$response = new StandaloneTemplateResponse(
|
||||
$this->appName,
|
||||
'loginflow/authpicker',
|
||||
[
|
||||
|
@ -209,6 +212,9 @@ class ClientFlowLoginController extends Controller {
|
|||
],
|
||||
'guest'
|
||||
);
|
||||
|
||||
$response->setContentSecurityPolicy($csp);
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -234,7 +240,10 @@ class ClientFlowLoginController extends Controller {
|
|||
$clientName = $client->getName();
|
||||
}
|
||||
|
||||
return new StandaloneTemplateResponse(
|
||||
$csp = new Http\ContentSecurityPolicy();
|
||||
$csp->addAllowedFormActionDomain('nc://*');
|
||||
|
||||
$response = new StandaloneTemplateResponse(
|
||||
$this->appName,
|
||||
'loginflow/grant',
|
||||
[
|
||||
|
@ -248,6 +257,9 @@ class ClientFlowLoginController extends Controller {
|
|||
],
|
||||
'guest'
|
||||
);
|
||||
|
||||
$response->setContentSecurityPolicy($csp);
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -186,6 +186,9 @@ class ClientFlowLoginControllerTest extends TestCase {
|
|||
],
|
||||
'guest'
|
||||
);
|
||||
$csp = new Http\ContentSecurityPolicy();
|
||||
$csp->addAllowedFormActionDomain('nc://*');
|
||||
$expected->setContentSecurityPolicy($csp);
|
||||
$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage());
|
||||
}
|
||||
|
||||
|
@ -245,6 +248,9 @@ class ClientFlowLoginControllerTest extends TestCase {
|
|||
],
|
||||
'guest'
|
||||
);
|
||||
$csp = new Http\ContentSecurityPolicy();
|
||||
$csp->addAllowedFormActionDomain('nc://*');
|
||||
$expected->setContentSecurityPolicy($csp);
|
||||
$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier'));
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue