Просмотр исходного кода

Avoid using Facebook garbage fragment to complete login

Facebook adds a nonsense fragment to all redirect URIs when returning a code. This stops a fragments being surreptitiously passed through the authorization flow.

See http://stackoverflow.com/questions/7131909/facebook-callback-appends-to-return-url

Before this change, the presence of Facebook's garbage fragment would break the Swagger UI complete page, as having any fragment value at all will cause the complete page to ignore the query string. This change avoids using the fragment if it looks to be useless.
bubble
Joe Littlejohn 7 лет назад
committed by GitHub
Родитель
Сommit
1b18429eca
1 измененных файлов: 2 добавлений и 2 удалений
  1. +2
    -2
      src/main/html/o2c.html

+ 2
- 2
src/main/html/o2c.html Просмотреть файл

@@ -1,6 +1,6 @@
<script>
var qp = null;
if(window.location.hash) {
if(window.location.hash && window.location.hash !== "#_=_") {
qp = location.hash.substring(1);
}
else {
@@ -17,4 +17,4 @@ else
window.opener.onOAuthComplete(qp);

window.close();
</script>
</script>

Загрузка…
Отмена
Сохранить