| jhsoby | |
| Aug 7 2018, 7:59 PM |
| F24913919: Screen Shot 2018-08-13 at 23.50.33.png | |
| Aug 13 2018, 10:51 PM |
| F24648351: Screenshot_20180807-161947.png | |
| Aug 7 2018, 7:59 PM |
Earlier today I tried to log in on Phabricator on mobile, but the button to log in via MediaWiki doesn't work. I tap it, and it turns gray (see attached screenshot), and then nothing happens. Logging in via LDAP worked, but logging in via MediaWiki should obviously work as well.
OS: Android 8.1.0
Browser: Chrome 67.0.3396.87
I have this problem from inside the Gmail app (which uses Chrome under the hood when opening links in the app) but not from Firefox, so I would guess this is a Chrome problem on Android.
I can reproduce this on Chrome for iOS. I see a warning about CSP violations in the console.
Refused to send form data to 'https://m.mediawiki.org/' because it violates the following Content Security Policy directive: "form-action 'self' https://www.mediawiki.org".
@Paladox: Please explain why you guess so technically speaking, assuming that you did not add random speculation to this task.
Oh sorry that I didn’t respond. Sorry that I was wrong or caused spam. Must be something else then?
Content Security Policy violation. Apparently it's because mediawiki redirects to m.mediawiki.org and the phabricator form submit policy only allows www.mediawiki.org.
This should be fixed by rPHEX55ebacf7f022: Add mobile uri to the CSP list of allowed form actions
I'm going to mark this resolved because I believe the issue has been patched by rPHEX55ebacf7f022, please reopen if you are still seeing this issue.
I can still reproduce the issue. Was the patch deployed?
Nothing happens. Console shows the CSP error.
The fix was deployed last night and I'm not able to reproduce currently by following @Krinkle's instructions. I think it's really resolved now.