Merge pull request #15 from fedwiki/paul90/no-referer
Don't rely on referer
This commit is contained in:
Ward Cunningham
GitHub
commit
6f60d07a3a
@ -82,6 +82,8 @@ update_footer = (ownerName, isAuthenticated) ->
|
|||||||
$('footer > #security > #addAltAuth').click (e) ->
|
$('footer > #security > #addAltAuth').click (e) ->
|
||||||
e.preventDefault
|
e.preventDefault
|
||||||
|
|
||||||
|
document.cookie = "wikiName=#{window.location.host}" + ";domain=.#{settings.cookieDomain}; path=/; max-age=300;"
|
||||||
|
|
||||||
w = WinChan.open({
|
w = WinChan.open({
|
||||||
url: settings.dialogAddAltURL
|
url: settings.dialogAddAltURL
|
||||||
relay_url: settings.relayURL
|
relay_url: settings.relayURL
|
||||||
@ -129,6 +131,8 @@ update_footer = (ownerName, isAuthenticated) ->
|
|||||||
$('footer > #security > #show-security-dialog').click (e) ->
|
$('footer > #security > #show-security-dialog').click (e) ->
|
||||||
e.preventDefault()
|
e.preventDefault()
|
||||||
|
|
||||||
|
document.cookie = "wikiName=#{window.location.host}" + ";domain=.#{settings.cookieDomain}; path=/; max-age=300;"
|
||||||
|
|
||||||
w = WinChan.open({
|
w = WinChan.open({
|
||||||
url: settings.dialogURL
|
url: settings.dialogURL
|
||||||
relay_url: settings.relayURL
|
relay_url: settings.relayURL
|
||||||
|
|||||||
14
package.json
14
package.json
@ -5,22 +5,22 @@
|
|||||||
"author": "Paul Rodwell <paul.rodwell@btinternet.com> (http://rodwell.me)",
|
"author": "Paul Rodwell <paul.rodwell@btinternet.com> (http://rodwell.me)",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"coffee-script": "^1.12.4",
|
"coffeescript": "^1.12.7",
|
||||||
"es6-promise": "^4.1.0",
|
"es6-promise": "^4.1.1",
|
||||||
"lodash": "^4.17.4",
|
"lodash": "^4.17.4",
|
||||||
"passport": "^0.3.2",
|
"passport": "^0.4.0",
|
||||||
"passport-github": "^1.1.0",
|
"passport-github": "^1.1.0",
|
||||||
"passport-google-oauth20": "^1.0.0",
|
"passport-google-oauth20": "^1.0.0",
|
||||||
"passport-twitter": "^1.0.4",
|
"passport-twitter": "^1.0.4",
|
||||||
"persona-pass": "^0.2.1",
|
"persona-pass": "^0.2.1",
|
||||||
"qs": "^6.4.0",
|
"qs": "^6.5.1",
|
||||||
"whatwg-fetch": "^2.0.3"
|
"whatwg-fetch": "^2.0.3"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"coffeeify": "^2.1.0",
|
"coffeeify": "^3.0.1",
|
||||||
"grunt": "^1.0.1",
|
"grunt": "^1.0.1",
|
||||||
"grunt-browserify": "~5",
|
"grunt-browserify": "^5.2.0",
|
||||||
"grunt-contrib-watch": "~1",
|
"grunt-contrib-watch": "^1.0.0",
|
||||||
"grunt-git-authors": "^3.2.0",
|
"grunt-git-authors": "^3.2.0",
|
||||||
"grunt-nsp": "*",
|
"grunt-nsp": "*",
|
||||||
"grunt-retire": "^1.0.7"
|
"grunt-retire": "^1.0.7"
|
||||||
|
|||||||
@ -308,7 +308,7 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
res.json settings
|
res.json settings
|
||||||
|
|
||||||
app.get '/auth/loginDialog', (req, res) ->
|
app.get '/auth/loginDialog', (req, res) ->
|
||||||
referer = req.headers.referer
|
cookies = req.cookies
|
||||||
schemeButtons = []
|
schemeButtons = []
|
||||||
_(ids).forEach (scheme) ->
|
_(ids).forEach (scheme) ->
|
||||||
switch scheme
|
switch scheme
|
||||||
@ -317,10 +317,7 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
when "google" then schemeButtons.push({button: "<a href='/auth/google' class='scheme-button google-button'><span>Google</span></a>"})
|
when "google" then schemeButtons.push({button: "<a href='/auth/google' class='scheme-button google-button'><span>Google</span></a>"})
|
||||||
|
|
||||||
info = {
|
info = {
|
||||||
wikiName: if useHttps
|
wikiName: cookies['wikiName']
|
||||||
url.parse(referer).hostname
|
|
||||||
else
|
|
||||||
url.parse(referer).host
|
|
||||||
wikiHostName: if wikiHost
|
wikiHostName: if wikiHost
|
||||||
"part of " + req.hostname + " wiki farm"
|
"part of " + req.hostname + " wiki farm"
|
||||||
else
|
else
|
||||||
@ -332,7 +329,7 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
res.render(path.join(__dirname, '..', 'views', 'securityDialog.html'), info)
|
res.render(path.join(__dirname, '..', 'views', 'securityDialog.html'), info)
|
||||||
|
|
||||||
app.get '/auth/personaLogin', (req, res) ->
|
app.get '/auth/personaLogin', (req, res) ->
|
||||||
referer = req.headers.referer
|
cookies = req.cookies
|
||||||
schemeButtons = []
|
schemeButtons = []
|
||||||
if Date.now() < personaEnd
|
if Date.now() < personaEnd
|
||||||
schemeButtons.push({
|
schemeButtons.push({
|
||||||
@ -350,10 +347,7 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
});
|
});
|
||||||
</script>"})
|
</script>"})
|
||||||
info = {
|
info = {
|
||||||
wikiName: if useHttps
|
wikiName: cookies['wikiName']
|
||||||
url.parse(referer).hostname
|
|
||||||
else
|
|
||||||
url.parse(referer).host
|
|
||||||
wikiHostName: if wikiHost
|
wikiHostName: if wikiHost
|
||||||
"part of " + req.hostname + " wiki farm"
|
"part of " + req.hostname + " wiki farm"
|
||||||
else
|
else
|
||||||
@ -365,10 +359,7 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
info = {
|
info = {
|
||||||
wikiName: if useHttps
|
wikiName: cookies['wikiName']
|
||||||
url.parse(referer).hostname
|
|
||||||
else
|
|
||||||
url.parse(referer).host
|
|
||||||
wikiHostName: if wikiHost
|
wikiHostName: if wikiHost
|
||||||
"part of " + req.hostname + " wiki farm"
|
"part of " + req.hostname + " wiki farm"
|
||||||
else
|
else
|
||||||
@ -379,15 +370,10 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
res.render(path.join(__dirname, '..', 'views', 'personaDialog.html'), info)
|
res.render(path.join(__dirname, '..', 'views', 'personaDialog.html'), info)
|
||||||
|
|
||||||
app.get '/auth/loginDone', (req, res) ->
|
app.get '/auth/loginDone', (req, res) ->
|
||||||
referer = req.headers.referer
|
cookies = req.cookies
|
||||||
if referer is undefined
|
|
||||||
referer = ''
|
|
||||||
|
|
||||||
info = {
|
info = {
|
||||||
wikiName: if useHttps
|
wikiName: cookies['wikiName']
|
||||||
url.parse(referer).hostname
|
|
||||||
else
|
|
||||||
url.parse(referer).host
|
|
||||||
wikiHostName: if wikiHost
|
wikiHostName: if wikiHost
|
||||||
"part of " + req.hostname + " wiki farm"
|
"part of " + req.hostname + " wiki farm"
|
||||||
else
|
else
|
||||||
@ -406,7 +392,8 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
# this the user is authenticated
|
# this the user is authenticated
|
||||||
user = getUser(req)
|
user = getUser(req)
|
||||||
if user
|
if user
|
||||||
referer = req.headers.referer
|
cookies = req.cookies
|
||||||
|
|
||||||
|
|
||||||
currentSchemes = _.keys(user)
|
currentSchemes = _.keys(user)
|
||||||
altSchemes = _.difference(ids, currentSchemes)
|
altSchemes = _.difference(ids, currentSchemes)
|
||||||
@ -419,10 +406,7 @@ module.exports = exports = (log, loga, argv) ->
|
|||||||
when "google" then schemeButtons.push({button: "<a href='/auth/google' class='scheme-button google-button'><span>Google</span></a>"})
|
when "google" then schemeButtons.push({button: "<a href='/auth/google' class='scheme-button google-button'><span>Google</span></a>"})
|
||||||
|
|
||||||
info = {
|
info = {
|
||||||
wikiName: if useHttps
|
wikiName: cookies['wikiName']
|
||||||
url.parse(referer).hostname
|
|
||||||
else
|
|
||||||
url.parse(referer).host
|
|
||||||
wikiHostName: if wikiHost
|
wikiHostName: if wikiHost
|
||||||
"part of " + req.hostname + " wiki farm"
|
"part of " + req.hostname + " wiki farm"
|
||||||
else
|
else
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user