| Index: remoting/webapp/third_party_token_fetcher.js
|
| diff --git a/remoting/webapp/third_party_token_fetcher.js b/remoting/webapp/third_party_token_fetcher.js
|
| index a16246cd0109067ea9411bdb557c6b3a53fc30e5..ca14489e2ecbc5ebe00a749abad561169fd6e060 100644
|
| --- a/remoting/webapp/third_party_token_fetcher.js
|
| +++ b/remoting/webapp/third_party_token_fetcher.js
|
| @@ -88,9 +88,9 @@ remoting.ThirdPartyTokenFetcher.prototype.parseRedirectUrl_ =
|
| function(responseUrl) {
|
| var token = '';
|
| var sharedSecret = '';
|
| - if (responseUrl &&
|
| - responseUrl.search(this.redirectUri_ + '#') == 0) {
|
| - var query = responseUrl.substring(this.redirectUri_.length + 1);
|
| +
|
| + if (responseUrl && responseUrl.search('#') >= 0) {
|
| + var query = responseUrl.substring(responseUrl.search('#') + 1);
|
| var parts = query.split('&');
|
| /** @type {Object.<string>} */
|
| var queryArgs = {};
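Review bot: The new condition `responseUrl.search('#') >= 0` accepts a fragment from any URL, so parseRedirectUrl_ no longer checks that the response arrived on `this.redirectUri_`. Unless the caller already guarantees that (not visible in this hunk), the `state` comparison further down is the only thing still tying the response to the request. If the prefix test was dropped because `search()` interprets its argument as a regular expression and the URI's metacharacters broke the match, a literal comparison keeps the check: `responseUrl.indexOf(this.redirectUri_ + '#') == 0`. Independently of that, `indexOf('#')` is the literal lookup and can be computed once, `var hashIndex = responseUrl.indexOf('#');` followed by `responseUrl.substring(hashIndex + 1)`. The function body continues outside the hunk, so a one-line comment saying where the redirect URI is validated would help the next reader.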
|
| @@ -100,8 +100,7 @@ remoting.ThirdPartyTokenFetcher.prototype.parseRedirectUrl_ =
|
| }
|
|
|
| // Check that 'state' contains the same XSRF token we sent in the request.
|
| - var xsrfToken = queryArgs['state'];
|
| - if (xsrfToken == this.xsrfToken_ &&
|
| + if ('state' in queryArgs && queryArgs['state'] == this.xsrfToken_ &&
|
| 'code' in queryArgs && 'access_token' in queryArgs) {
|
| // Terminology note:
|
| // In the OAuth code/token exchange semantics, 'code' refers to the value
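Review bot: The XSRF comparison in the new condition still uses loose equality, `queryArgs['state'] == this.xsrfToken_`, so a match can depend on type coercion rather than on both sides being the same string. Writing `queryArgs['state'] === this.xsrfToken_` states the intent exactly. The code that fills queryArgs lies between the two hunks, so whether the values are URL-decoded before this comparison cannot be confirmed from here. The comment above the condition could also say that a response without `state` is rejected, since that is what the added `'state' in queryArgs` test enforces.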
|
|
|