
Unbreak OAuth Registration

Authored by epriestley <git@epriestley.com> on Feb 8 2012, 19:26.

Description

Unbreak OAuth Registration

Summary:
@vrana patched an important external-CSRF-leaking hole recently (D1558), but
since we are sloppy in building this form it got caught in the crossfire.

We set action to something like "http://this.server.com/oauth/derp/", but that
triggers CSRF protection by removing CSRF tokens from the form. This makes OAuth
login not work.

Instead, use the local path only so we generate a CSRF token.

Test Plan: Registered locally via oauth.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran, epriestley, demo

Maniphest Tasks: T853

Differential Revision: https://secure.phabricator.com/D1597
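
The behaviour the commit message describes, as an added PHP example (not Phabricator's code and not part of this commit): a form renderer that emits a CSRF token only when the action is a local path, so an absolute URI pointing at the same server produces a form with no token. The function names, the `csrf_token` field name and the token value are constructed for illustration.

```php
<?php
// Added illustration, not Phabricator source. Function names, the field
// name "csrf_token" and the token value are constructed for this example.

// True only for a same-origin local path such as "/oauth/derp/".
function is_local_path(string $action): bool {
  if ($action === '' || $action[0] !== '/') {
    return false;               // "http://host/..." or a relative path
  }
  if (strpos($action, '\\') !== false) {
    return false;               // browsers may treat "\" like "/"
  }
  return substr($action, 0, 2) !== '//';   // protocol-relative URI
}

// Emit the token only for local actions, so it is never submitted to
// another origin. An absolute URI gets a form with no token, even when
// it names this server.
function render_form(string $action, string $token): string {
  $html = sprintf('<form method="POST" action="%s">',
    htmlspecialchars($action, ENT_QUOTES, 'UTF-8'));
  if (is_local_path($action)) {
    $html .= sprintf('<input type="hidden" name="csrf_token" value="%s" />',
      htmlspecialchars($token, ENT_QUOTES, 'UTF-8'));
  }
  return $html . '</form>';
}

// Reduce an absolute URI to its path and query, dropping scheme and host.
function local_path_of(string $uri): string {
  $parts = parse_url($uri);
  if ($parts === false || !isset($parts['path'])) {
    throw new InvalidArgumentException("no usable path in URI: {$uri}");
  }
  $query = isset($parts['query']) ? '?' . $parts['query'] : '';
  return $parts['path'] . $query;
}

$token    = 'constructed-token-0123456789abcdef';
$absolute = 'http://this.server.com/oauth/derp/';   // form from the commit message

foreach ([$absolute, local_path_of($absolute)] as $action) {
  $form = render_form($action, $token);
  $has  = strpos($form, 'name="csrf_token"') !== false ? 'yes' : 'no';
  printf("action=%-36s token emitted: %s\n", $action, $has);
}
```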

Details

Committed
epriestley <git@epriestley.com> Feb 8 2012, 22:42
Pushed
aubort Jan 31 2017, 17:16
Parents
rPH8482569a47a9: Add line link to Paste
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHecd4b03a4e56: Unbreak OAuth Registration (authored by epriestley <git@epriestley.com>). Feb 8 2012, 22:42