Selaa lähdekoodia

Avoid using Facebook garbage fragment to complete login

Facebook adds a nonsense fragment to all redirect URIs when returning a code. This stops a fragments being surreptitiously passed through the authorization flow.

See http://stackoverflow.com/questions/7131909/facebook-callback-appends-to-return-url

Before this change, the presence of Facebook's garbage fragment would break the Swagger UI complete page, as having any fragment value at all will cause the complete page to ignore the query string. This change avoids using the fragment if it looks to be useless.
bubble
Joe Littlejohn 7 vuotta sitten
committed by GitHub
vanhempi
commit
1b18429eca
1 muutettua tiedostoa jossa 2 lisäystä ja 2 poistoa
  1. +2
    -2
      src/main/html/o2c.html

+ 2
- 2
src/main/html/o2c.html Näytä tiedosto

@@ -1,6 +1,6 @@
<script>
var qp = null;
if(window.location.hash) {
if(window.location.hash && window.location.hash !== "#_=_") {
qp = location.hash.substring(1);
}
else {
@@ -17,4 +17,4 @@ else
window.opener.onOAuthComplete(qp);

window.close();
</script>
</script>

Ladataan…
Peruuta
Tallenna