From 1b18429eca01e92e6fee8c0c04c51e766eca3c75 Mon Sep 17 00:00:00 2001
From: Joe Littlejohn <joelittlejohn@gmail.com>
Date: Mon, 7 Nov 2016 14:58:13 +0000
Subject: [PATCH] Avoid using Facebook garbage fragment to complete login

Facebook adds a nonsense fragment to all redirect URIs when returning a code. This stops a fragments being surreptitiously passed through the authorization flow.

See http://stackoverflow.com/questions/7131909/facebook-callback-appends-to-return-url

Before this change, the presence of Facebook's garbage fragment would break the Swagger UI complete page, as having any fragment value at all will cause the complete page to ignore the query string. This change avoids using the fragment if it looks to be useless.
---
 src/main/html/o2c.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/html/o2c.html b/src/main/html/o2c.html
index 88e8bf11..da8bf055 100644
--- a/src/main/html/o2c.html
+++ b/src/main/html/o2c.html
@@ -1,6 +1,6 @@
 <script>
 var qp = null;
-if(window.location.hash) {
+if(window.location.hash && window.location.hash !== "#_=_") {
   qp = location.hash.substring(1);
 }
 else {
@@ -17,4 +17,4 @@ else
     window.opener.onOAuthComplete(qp);
 
 window.close();
-</script>
\ No newline at end of file
+</script>