Page MenuHomePhabricator

Unable to log in to Phabricator via MediaWiki on mobile (CSP error)
Closed, ResolvedPublic

Description

Earlier today I tried to log in on Phabricator on mobile, but the button to log in via MediaWiki doesn't work. I tap it, and it turns gray (see attached screenshot), and then nothing happens. Logging in via LDAP worked, but logging in via MediaWiki should obviously work as well.

OS: Android 8.1.0
Browser: Chrome 67.0.3396.87

Event Timeline

jhsoby created this task.Aug 7 2018, 7:59 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 7 2018, 7:59 PM
Izno added a subscriber: Izno.EditedAug 8 2018, 12:19 AM

I have this problem from inside the Gmail app (which uses Chrome under the hood when opening links in the app) but not from Firefox, so I would guess this is a Chrome problem on Android.

Im guessing this problem is the new anti vandalism stuff.

Krinkle added a subscriber: Krinkle.EditedAug 8 2018, 12:28 AM

I can reproduce this on Chrome for iOS. I see a warning about CSP violations in the console.

Refused to send form data to 'https://m.mediawiki.org/' because it violates the following Content Security Policy directive: "form-action 'self' https://www.mediawiki.org".

Krinkle renamed this task from Unable to log in to Phabricator via MediaWiki on mobile to Unable to log in to Phabricator via MediaWiki on mobile (CSP error).Aug 8 2018, 12:33 AM

Im guessing this problem is the new anti vandalism stuff.

@Paladox: Please explain why you guess so technically speaking, assuming that you did not add random speculation to this task.

mmodell added a subscriber: mmodell.Aug 9 2018, 7:20 PM

@Paladox: I'm fairly certain that it is not related to the anti-vandalism extension.

Oh sorry that I didn’t respond. Sorry that I was wrong or caused spam. Must be something else then?

mmodell claimed this task.Aug 9 2018, 7:21 PM
mmodell added a comment.EditedAug 9 2018, 7:24 PM

Content Security Policy violation. Apparently it's because mediawiki redirects to m.mediawiki.org and the phabricator form submit policy only allows www.mediawiki.org.

mmodell closed this task as Resolved.Aug 13 2018, 10:43 PM

I'm going to mark this resolved because I believe the issue has been patched by rPHEX55ebacf7f022, please reopen if you are still seeing this issue.

I'm going to mark this resolved because I believe the issue has been patched by rPHEX55ebacf7f022, please reopen if you are still seeing this issue.

I can still reproduce the issue. Was the patch deployed?

  • Incognito window in Chrome, navigate to https://phabricator.wikimedia.org.
  • Open Developer Tools, Toggle device toolbar, Refresh.
  • Click "Log in", then the "Log In or Register - MediaWiki" button.

Nothing happens. Console shows the CSP error.

Krinkle reopened this task as Open.Aug 14 2018, 1:32 PM
mmodell closed this task as Resolved.Aug 23 2018, 4:14 PM

The fix was deployed last night and I'm not able to reproduce currently by following @Krinkle's instructions. I think it's really resolved now.