Closed Bug 1336387 Opened 8 years ago Closed 8 years ago

CSP breaks GitHubAuth on index and bug modal pages

Categories

(bugzilla.mozilla.org :: Extensions, defect, P1)

Product:
bugzilla.mozilla.org
Component:
Extensions
Version:
Production
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dylan, Assigned: dylan)

References

Details

Attachments

(1 file)

1336387_1.patch
1.67 KB, patch
dkl
: review+
Details | Diff | Splinter Review
03:16 <jee1mr_> happens only on the main page, I guess. I am able to login from a bug page. 03:16 <jee1mr_> Also, got this : 03:16 <jee1mr_> Bugzilla has suffered an internal error: Bugzilla prevented you from logging in from a page containing private information. 03:16 <jee1mr_> Should I create an issue on github?
Severity: normal → major
Priority: -- → P1
Depends on: bmo_csp_modal
the relevant error was actually: 03:15 <jee1mr_> Hi, unable to login to Bugzilla with github. Getting this 03:15 <jee1mr_> Refused to send form data to 'https://github.com/login/oauth/authorize?...........' because it violates the following Content Security Policy directive: "form-action 'self' https://www.google.com/search".
Attached patch 1336387_1.patchSplinter Review
dkl: note this only impacts blink/webkit, but not gecko. So firefoxu users could continue using github auth logins.
Attachment #8833923 - Flags: review?(dkl)
Comment on attachment 8833923 [details] [diff] [review] 1336387_1.patch Review of attachment 8833923 [details] [diff] [review]: ----------------------------------------------------------------- r=dkl
Attachment #8833923 - Flags: review?(dkl) → review+
To git@github.com:mozilla-bteam/bmo.git 92ca9f6..bc705ae master -> master
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
This now live. dkl
Component: Extensions: GitHubAuth → Extensions
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: