summaryrefslogtreecommitdiffstats
path: root/editwhines.cgi
diff options
context:
space:
mode:
authorEd Morley <edmorley@users.noreply.github.com>2017-05-31 23:08:41 +0200
committerDylan William Hardison <dylan@hardison.net>2017-05-31 23:08:41 +0200
commit0087764fc747d00b76264d333650eb08ef9d9a28 (patch)
treedb2939476f37ea2410d7d4bbc275eae0c707fc07 /editwhines.cgi
parent9b98e5f442c2305f250f31062fcb77e0180a5cec (diff)
downloadbugzilla-0087764fc747d00b76264d333650eb08ef9d9a28.tar.gz
bugzilla-0087764fc747d00b76264d333650eb08ef9d9a28.tar.xz
Bug 1368739 - Make OrangeFactor extension work with SSO
OrangeFactor is now behind SSO, so cross-origin requests to the API must use `withCredentials` to ensure the session cookie is sent if it exists. OrangeFactor's API permits this via appropriately set `Access-Control-Allow-{Origin,Credentials}` headers. Users will also now be reminded about the need to sign in via OrangeFactor first. Unfortunately there's no way to catch the SSO HTTP 302 separately from other failure modes, since: (a) the `XMLHttpRequest` spec doesn't allow for telling if a request redirected (b) the workaround (sniffing content-type of the response and seeing if it's `text/html` rather than `application/json`) isn't possible since BMO's CSP blocks the request to auth0.com. ...however this extension is going to be replaced once OrangeFactor is decommissioned, so meh. The redundant hiding of `#orange-graph` has also been removed.
Diffstat (limited to 'editwhines.cgi')
0 files changed, 0 insertions, 0 deletions