CSP breaks GitHubAuth on index and bug modal pages

RESOLVED FIXED

Status

()

P1
major
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: dylan, Assigned: dylan)

Tracking

Production

Details

Attachments

(1 attachment)

(Assignee)

Description

2 years ago
03:16 <jee1mr_> happens only on the main page, I guess. I am able to login from a bug page.
03:16 <jee1mr_> Also, got this :
03:16 <jee1mr_> Bugzilla has suffered an internal error: Bugzilla prevented you from logging in from a page containing private information.
03:16 <jee1mr_> Should I create an issue on github?
(Assignee)

Updated

2 years ago
Severity: normal → major
Priority: -- → P1
(Assignee)

Updated

2 years ago
Depends on: 1286290
(Assignee)

Comment 1

2 years ago
the relevant error was actually:

03:15 <jee1mr_> Hi, unable to login to Bugzilla with github. Getting this
03:15 <jee1mr_> Refused to send form data to 'https://github.com/login/oauth/authorize?...........' because it violates the following Content Security Policy directive: "form-action 'self' https://www.google.com/search".
(Assignee)

Comment 2

2 years ago
Created attachment 8833923 [details] [diff] [review]
1336387_1.patch

dkl: note this only impacts blink/webkit, but not gecko. So firefoxu users could continue using github auth logins.
Attachment #8833923 - Flags: review?(dkl)
Comment on attachment 8833923 [details] [diff] [review]
1336387_1.patch

Review of attachment 8833923 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8833923 - Flags: review?(dkl) → review+
(Assignee)

Comment 4

2 years ago
To git@github.com:mozilla-bteam/bmo.git
   92ca9f6..bc705ae  master -> master
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED

Updated

2 years ago
Duplicate of this bug: 1337215
This now live.

dkl
You need to log in before you can comment on or make changes to this bug.