
Use history replaceState instead of redirect for SSO flow #16292

Merged
merged 1 commit into develop from t3chguy/sso_fixes
Jan 29, 2021

Conversation

@t3chguy (Member) commented Jan 27, 2021

Has additional benefit of not leaving the loginToken in history

Use replaceState instead of a redirect to strip the loginToken
Put user into the same post-auth flows of E2ESetup
Skip UIA prompt in this post-auth flow, happy path is a server grace period
@jryans (Collaborator) left a comment

Thanks, this seems sensible to me. It does mean the original query params may still be in bits of app state if they were captured on load, but it doesn't seem like that will cause problems or security risks as far as I can see.

@t3chguy (Member, Author) commented Jan 27, 2021

The token is single use; purging it from history & url is just a cleanliness thing

@t3chguy t3chguy merged commit d5a824d into develop Jan 29, 2021
@t3chguy t3chguy deleted the t3chguy/sso_fixes branch January 29, 2021 13:29
@bekliev (Contributor) commented Feb 9, 2021

@t3chguy if other params are passed alongside loginToken - will they remain in the window.location API after redirect/replaceState?

@@ -124,7 +124,7 @@ function onTokenLoginCompleted() {
parsedUrl.search = "";
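Review bot: `parsedUrl.search = "";` in onTokenLoginCompleted clears the entire query string, so any parameter that arrived alongside `loginToken` on the SSO redirect is dropped from the URL that replaceState writes back, not only the token. If the intent is just to remove the single-use token, delete that one key instead (for a WHATWG URL object, `parsedUrl.searchParams.delete("loginToken")`; otherwise rebuild the query without that key) so the remaining parameters stay readable from window.location after the history entry is replaced.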
A Contributor commented on this line:

Maybe it's better to just clean particular query param?
In our case it's the loginToken
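The two behaviours discussed in this thread, side by side, as an added example (not element-web's code and not the follow-up commit): clearing the whole query string as the hunk does, versus deleting only `loginToken` so other parameters survive, followed by the `history.replaceState` step that rewrites the current entry instead of navigating. The `makeFakeBrowser` stand-ins for `window.history` and `window.location` are constructed here so the logic runs under Node; the sample URL and its `via` parameter are likewise constructed.

```javascript
// Added example, not element-web's code. Demonstrates stripping a single-use
// SSO loginToken from the address bar and history without a redirect.

// Copy of `urlString` with only the named query parameter removed; every
// other query parameter and the fragment stay intact.
function stripQueryParam(urlString, name) {
  const url = new URL(urlString);
  url.searchParams.delete(name);
  return url.toString();
}

// Copy of `urlString` with the whole query string removed, which is what
// `parsedUrl.search = ""` does: loginToken goes, but so does everything else.
function stripAllQueryParams(urlString) {
  const url = new URL(urlString);
  url.search = "";
  return url.toString();
}

// Rewrite the current history entry in place so the token-bearing URL is not
// left behind in history or in the address bar. Returns the URL written, or
// null when the parameter is absent and nothing needs to change.
// `historyLike` / `locationLike` are injected stand-ins for window.history /
// window.location (assumption made so the function is testable outside a browser).
function scrubLoginToken(historyLike, locationLike, paramName = "loginToken") {
  const url = new URL(locationLike.href);
  if (!url.searchParams.has(paramName)) return null;
  url.searchParams.delete(paramName);
  const cleaned = url.toString();
  // replaceState keeps the same entry; pushState would add a new one and leave
  // the token URL reachable via the back button, which is what the PR avoids.
  historyLike.replaceState(historyLike.state, "", cleaned);
  return cleaned;
}

// Constructed minimal stand-ins for window.location and window.history.
function makeFakeBrowser(href) {
  const location = { href };
  const history = {
    state: null,
    entries: [href], // one entry per history record, newest last
    replaceState(state, _title, url) {
      this.state = state;
      this.entries[this.entries.length - 1] = url;
      location.href = url;
    },
    pushState(state, _title, url) {
      this.state = state;
      this.entries.push(url);
      location.href = url;
    },
  };
  return { location, history };
}

// Stand-alone run on a constructed post-SSO URL.
const sample = "https://app.example/?loginToken=abc123&via=server.example#/login";
console.log("param-only :", stripQueryParam(sample, "loginToken"));
console.log("whole query:", stripAllQueryParams(sample));
const browser = makeFakeBrowser(sample);
console.log("replaced   :", scrubLoginToken(browser.history, browser.location));
console.log("entries    :", browser.history.entries.length);
```

Run with `node`: the param-only variant keeps `via=server.example` and the `#/login` fragment, the whole-query variant leaves only the fragment, and after `scrubLoginToken` the history still has a single entry with no token in it; a second call returns null because there is nothing left to strip.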

bekliev added a commit to bekliev/element-web that referenced this pull request Feb 9, 2021
…ginToken query-param from the window.location api.

Related to element-hq#16292

Signed-off-by: Bekliev Parviz <nightkon95@gmail.com>
@t3chguy (Member, Author) commented Feb 9, 2021

@bekliev maybe, I was just matching the behaviour that was already there and swapping the redirect for a replaceState

bekliev added a commit to bekliev/element-web that referenced this pull request Feb 11, 2021
Related to element-hq#16292

Signed-off-by: Bekliev Parviz <nightkon95@gmail.com>
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Mar 6, 2021
Changes in [1.7.22](https://github.com/vector-im/element-web/releases/tag/v1.7.22) (2021-03-01)
===============================================================================================
[Full Changelog](element-hq/element-web@v1.7.22-rc.1...v1.7.22)

## Security notice

Element Web 1.7.22 fixes (by upgrading to matrix-react-sdk 3.15.0) a low
severity issue (CVE-2021-21320) where the user content sandbox can be abused to
trick users into opening unexpected documents. The content is opened with a
`blob` origin that cannot access Matrix user data, so messages and secrets are
not at risk.  Thanks to @keerok for responsibly disclosing this via Matrix's
Security Disclosure Policy.

## All changes

 * Upgrade to React SDK 3.15.0 and JS SDK 9.8.0

Changes in [1.7.22-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.22-rc.1) (2021-02-24)
=========================================================================================================
[Full Changelog](element-hq/element-web@v1.7.21...v1.7.22-rc.1)

 * Upgrade to React SDK 3.15.0-rc.1 and JS SDK 9.8.0-rc.1
 * Translations update from Weblate
   [\#16529](element-hq/element-web#16529)
 * Add hostSignup config for element.io clients
   [\#16515](element-hq/element-web#16515)
 * VoIP virtual rooms, mkII
   [\#16442](element-hq/element-web#16442)
 * Jitsi widget: Read room name from query parameters
   [\#16456](element-hq/element-web#16456)
 * fix / sso: make sure to delete only loginToken after redirect
   [\#16415](element-hq/element-web#16415)
 * Disable Countly
   [\#16433](element-hq/element-web#16433)

Changes in [1.7.21](https://github.com/vector-im/element-web/releases/tag/v1.7.21) (2021-02-16)
===============================================================================================
[Full Changelog](element-hq/element-web@v1.7.21-rc.1...v1.7.21)

 * Upgrade to React SDK 3.14.0 and JS SDK 9.7.0

Changes in [1.7.21-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.21-rc.1) (2021-02-10)
=========================================================================================================
[Full Changelog](element-hq/element-web@v1.7.20...v1.7.21-rc.1)

 * Upgrade to React SDK 3.14.0-rc.1 and JS SDK 9.7.0-rc.1
 * Translations update from Weblate
   [\#16427](element-hq/element-web#16427)
 * Add RegExp dotAll feature test
   [\#16408](element-hq/element-web#16408)
 * Fix Electron type merging
   [\#16405](element-hq/element-web#16405)
 * README: remove Jenkins reference
   [\#16381](element-hq/element-web#16381)
 * Enable PostCSS Calc in webpack builds
   [\#16307](element-hq/element-web#16307)
 * Add configuration security best practices to the README.
   [\#16367](element-hq/element-web#16367)
 * Upgrade matrix-widget-api
   [\#16347](element-hq/element-web#16347)

Changes in [1.7.20](https://github.com/vector-im/element-web/releases/tag/v1.7.20) (2021-02-04)
===============================================================================================
[Full Changelog](element-hq/element-web@v1.7.19...v1.7.20)

 * Upgrade to React SDK 3.13.1

Changes in [1.7.19](https://github.com/vector-im/element-web/releases/tag/v1.7.19) (2021-02-03)
===============================================================================================
[Full Changelog](element-hq/element-web@v1.7.19-rc.1...v1.7.19)

 * Upgrade to React SDK 3.13.0 and JS SDK 9.6.0
 * [Release] Upgrade matrix-widget-api
   [\#16348](element-hq/element-web#16348)

Changes in [1.7.19-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.19-rc.1) (2021-01-29)
=========================================================================================================
[Full Changelog](element-hq/element-web@v1.7.18...v1.7.19-rc.1)

 * Upgrade to React SDK 3.13.0-rc.1 and JS SDK 9.6.0-rc.1
 * Translations update from Weblate
   [\#16314](element-hq/element-web#16314)
 * Use history replaceState instead of redirect for SSO flow
   [\#16292](element-hq/element-web#16292)
 * Document the mobile guide toast option
   [\#16301](element-hq/element-web#16301)
 * Update widget-api to beta.12
   [\#16303](element-hq/element-web#16303)
 * Upgrade deps 2021-01
   [\#16294](element-hq/element-web#16294)
 * Move to newer base image for Docker builds
   [\#16275](element-hq/element-web#16275)
 * Docs for the VoIP translate pattern option
   [\#16236](element-hq/element-web#16236)
 * Fix Riot->Element in permalinkPrefix docs
   [\#16227](element-hq/element-web#16227)
 * Supply server_name for optional federation-capable Jitsi auth
   [\#16215](element-hq/element-web#16215)
 * Fix Widget API version confusion
   [\#16212](element-hq/element-web#16212)
 * Add Hebrew language
   [\#16210](element-hq/element-web#16210)
 * Update widget-api to beta 11
   [\#16177](element-hq/element-web#16177)
 * Fix develop Docker builds
   [\#16192](element-hq/element-web#16192)
 * Skip the service worker for Electron
   [\#16157](element-hq/element-web#16157)
 * Use isolated IPC API
   [\#16137](element-hq/element-web#16137)

Changes in [1.7.18](https://github.com/vector-im/element-web/releases/tag/v1.7.18) (2021-01-26)
===============================================================================================
[Full Changelog](element-hq/element-web@v1.7.17...v1.7.18)

 * Upgrade to React SDK 3.12.1 and JS SDK 9.5.1

Changes in [1.7.17](https://github.com/vector-im/element-web/releases/tag/v1.7.17) (2021-01-18)
===============================================================================================
[Full Changelog](element-hq/element-web@v1.7.17-rc.1...v1.7.17)

 * Upgrade to React SDK 3.12.0 and JS SDK 9.5.0

Changes in [1.7.17-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.17-rc.1) (2021-01-13)
=========================================================================================================
[Full Changelog](element-hq/element-web@v1.7.16...v1.7.17-rc.1)

 * Upgrade to React SDK 3.12.0-rc.1 and JS SDK 9.5.0-rc.1
 * Translations update from Weblate
   [\#16131](element-hq/element-web#16131)
 * webplatform: Fix notification closing
   [\#16028](element-hq/element-web#16028)
 * Stop building code and types for Element layer
   [\#15999](element-hq/element-web#15999)