David Taylor
cf60de59b1
FIX: Allow omniauth confirmation page to pass through GET parameters
...
Using the rails `form_tag` helper generates a form with the action attribute set to the current URL (without parameters). In this case, we want to include any GET parameters, so it is better to exclude the action attribute from the form tag, and allow browsers to submit to the current URL.
2020-01-08 15:31:51 +00:00
David Taylor
d2bceff133
FEATURE: Use full page redirection for all external auth methods ( #8092 )
...
Using popups is becoming increasingly rare. Full page redirects are already used on mobile, and for some providers. This commit removes all logic related to popup authentication, leaving only the full page redirect method.
For more info, see https://meta.discourse.org/t/do-we-need-popups-for-login/127988
2019-10-08 12:10:43 +01:00
Jarek Radosz
d407bcab36
FIX: Correctly escape category description text ( #8107 )
...
* FIX: Correctly escape category description text
This bug has been introduced in db14e109437ad338e3e6/app/models/theme.rb (L237-L242)
2019-10-01 12:04:39 -04:00
David Taylor
213b7d19d9
UX: Fallback to unlocalized auth provider name if required
2019-08-13 01:22:02 +01:00
David Taylor
3b8c468832
SECURITY: Require POST with CSRF token for OmniAuth request phase
2019-08-08 11:58:00 +01:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts ( #6528 )
...
* wizard page inline js
* print topic inline js
* drop JS for preventing double submission
this is the default behavior with Rails' UJS `disable_with` helper
* omniauth complete redirect JS
* account activate inline js
2018-10-25 09:52:01 -04:00
Vinoth Kannan
f08995c390
Remove unused code lines
2017-12-29 12:32:18 +05:30
Neil Lalonde
66e53f449a
UX: Auth complete page/modal has a link to continue to the site to accomodate auth methods that can't automatically redirect to Discourse
2017-11-21 13:56:19 -05:00
Robin Ward
cef64e8f03
UX: Use no_ember styling for omniauth error page
2017-11-15 14:04:26 -05:00
Robin Ward
f7c303c82e
FIX: If there's no window.opener use the localStorage method for login
2016-07-08 14:45:34 -04:00
Robin Ward
eff2865278
FIX: Support create account on facebook browser
2016-06-10 11:12:46 -04:00
Robin Ward
171dbd4b09
Allow redirects on Facebook Browser
2016-06-09 15:51:46 -04:00
Robin Ward
f6eb5e823b
Temporarily remove FB browser redirect
2016-06-09 15:35:17 -04:00
Robin Ward
ba5993ae79
FIX: Invalid escaping of URL
2016-06-09 15:10:21 -04:00
Robin Ward
4730c82b3a
FIX: Detect window.opener
2016-06-09 14:51:38 -04:00
Robin Ward
eee15dfe7f
FIX: On facebook browser, don't close the window but redirect instead
2016-06-09 14:20:44 -04:00
Sam
b6c2aa13e6
clean up implementation of non frame login / registration
2015-10-13 14:49:09 +11:00
Sam
fab51496cb
correct full screen login feature
2015-10-13 13:11:49 +11:00
Sam
b3aebca406
FEATURE: allow auto provider to specify "full screen login"
...
this feature means we attempt to log in without opening a frame.
2015-10-13 12:23:34 +11:00
Sam
57e3323663
redirect back to base uri if there is no window opener.
2015-10-13 12:03:43 +11:00
Robin Ward
b4960d48b4
Better support for passing up errors when OmniAuth fails after auth
2015-06-24 12:12:43 -04:00
Neil Lalonde
4762b4ac24
FIX: on completion of external auth, window.close may fail because of iOS Safari bug. Prompt user to manually close the window.
2014-10-15 11:00:34 -04:00
Sam
075002a6d5
refactoring the plugin interfaces to allow for better extensible
2013-08-26 12:59:17 +10:00
Kuba Brecka
9bf5e31f94
some more extracted strings for translation
2013-03-03 23:00:16 +01:00
Jesse Pollak
ad5a5b4866
This commit adds a callback route to handle omniauth failure and removes a few unneccessary entries in en.yml
2013-02-14 18:08:40 -08:00
xdite
9189d937f7
move all logic to omniauth
...
implement omniauth-facebook / omniauth-twitter
2013-02-13 15:08:38 +08:00
