author | bzanotti <bzanotti@chromium.org> | 2015-10-22 11:53:32 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-10-22 18:54:20 +0000 |
commit | 3e345524dcd8570438433c17e2b6f28ec530058d (patch) | |
tree | 09c5de5a4a19423c5998e23da3576f391845af98 /google_apis | |
parent | 80f68764237a46e255de271b6242fd1dee318307 (diff) | |
Make /MergeSession a GET request.
WKBling can only do programmatic POST request with cookies using
XMLHttpRequest, which doesn't support the redirects that /MergeSession
is doing. Making it a GET request fixes this issue.
Caching issues with the GET request should not arise, as GET requests with
parameters must not be served from cache.
Putting the ubertoken in the URL is not a security issue according to
GAIA folks.
URL length doesn't seem to be an issue now. It might become one if the
externalCcResult are really long.
BUG=539776
Review URL: https://codereview.chromium.org/1414573006
Cr-Commit-Position: refs/heads/master@{#355590}
Diffstat (limited to 'google_apis')
-rw-r--r-- | google_apis/gaia/fake_gaia.cc | 9 | ||||
-rw-r--r-- | google_apis/gaia/gaia_auth_fetcher.cc | 14 | ||||
-rw-r--r-- | google_apis/gaia/gaia_auth_fetcher.h | 9 |
3 files changed, 19 insertions, 13 deletions
diff --git a/google_apis/gaia/fake_gaia.cc b/google_apis/gaia/fake_gaia.cc
index 60c048b..94f8b42 100644
--- a/google_apis/gaia/fake_gaia.cc
+++ b/google_apis/gaia/fake_gaia.cc
@@ -353,21 +353,24 @@ void FakeGaia::HandleMergeSession(const HttpRequest& request,
 return;
 }
 
+ GURL request_url = GURL("http://localhost").Resolve(request.relative_url);
+ std::string request_query = request_url.query();
+
 std::string uber_token;
- if (!GetQueryParameter(request.content, "uberauth", &uber_token) ||
+ if (!GetQueryParameter(request_query, "uberauth", &uber_token) ||
 uber_token != merge_session_params_.gaia_uber_token) {
 LOG(ERROR) << "Missing or invalid 'uberauth' param in /MergeSession call";
 return;
 }
 
 std::string continue_url;
- if (!GetQueryParameter(request.content, "continue", &continue_url)) {
+ if (!GetQueryParameter(request_query, "continue", &continue_url)) {
 LOG(ERROR) << "Missing or invalid 'continue' param in /MergeSession call";
 return;
 }
 
 std::string source;
- if (!GetQueryParameter(request.content, "source", &source)) {
+ if (!GetQueryParameter(request_query, "source", &source)) {
 LOG(ERROR) << "Missing or invalid 'source' param in /MergeSession call";
 return;
 }
diff --git a/google_apis/gaia/gaia_auth_fetcher.cc b/google_apis/gaia/gaia_auth_fetcher.cc
index 1423359..59fa57a 100644
--- a/google_apis/gaia/gaia_auth_fetcher.cc
+++ b/google_apis/gaia/gaia_auth_fetcher.cc
@@ -103,7 +103,7 @@ const char GaiaAuthFetcher::kGetUserInfoFormat[] =
 "LSID=%s";
 // static
 const char GaiaAuthFetcher::kMergeSessionFormat[] =
- "uberauth=%s&"
+ "?uberauth=%s&"
 "continue=%s&"
 "source=%s";
 // static
@@ -290,7 +290,7 @@ std::string GaiaAuthFetcher::MakeGetUserInfoBody(const std::string& lsid) {
 }
 
 // static
-std::string GaiaAuthFetcher::MakeMergeSessionBody(
+std::string GaiaAuthFetcher::MakeMergeSessionQuery(
 const std::string& auth_token,
 const std::string& external_cc_result,
 const std::string& continue_url,
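Review bot: Within the visible lines of FakeGaia::HandleMergeSession the request method is never checked, so the fake would still accept a POST that carries the parameters in the URL and would not notice a client that keeps sending the uber token in the body as well. Unless the part of the function above this hunk already does so, guard the new query parsing with `if (request.method != net::test_server::METHOD_GET || !request.content.empty()) {` followed by the same log-and-return pattern the other checks use. It would also be worth checking `request_url.is_valid()` after the `Resolve()` call, since an unparsable `relative_url` currently falls through to the generic "Missing or invalid 'uberauth'" message. The function starts and ends outside the hunk.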
@@ -588,9 +588,10 @@ void GaiaAuthFetcher::StartMergeSession(const std::string& uber_token,
 // created such that it sends the cookies with the request, which is
 // different from all other requests the fetcher can make.
 std::string continue_url("http://www.google.com");
- request_body_ = MakeMergeSessionBody(uber_token, external_cc_result,
- continue_url, source_);
- CreateAndStartGaiaFetcher(request_body_, std::string(), merge_session_gurl_,
+ std::string query = MakeMergeSessionQuery(uber_token, external_cc_result,
+ continue_url, source_);
+ CreateAndStartGaiaFetcher(std::string(), std::string(),
+ merge_session_gurl_.Resolve(query),
 net::LOAD_NORMAL);
 }
 
@@ -944,7 +945,8 @@ void GaiaAuthFetcher::DispatchFetchedRequest(
 OnOAuth2TokenPairFetched(data, status, response_code);
 } else if (url == get_user_info_gurl_) {
 OnGetUserInfoFetched(data, status, response_code);
- } else if (url == merge_session_gurl_) {
+ } else if (base::StartsWith(url.spec(), merge_session_gurl_.spec(),
+ base::CompareCase::SENSITIVE)) {
 OnMergeSessionFetched(data, status, response_code);
 } else if (url == uberauth_token_gurl_) {
 OnUberAuthTokenFetch(data, status, response_code);
diff --git a/google_apis/gaia/gaia_auth_fetcher.h b/google_apis/gaia/gaia_auth_fetcher.h
index f6e4aa8..6a92a21 100644
--- a/google_apis/gaia/gaia_auth_fetcher.h
+++ b/google_apis/gaia/gaia_auth_fetcher.h
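Review bot: StartMergeSession now carries the uber token in the request URL but still passes `net::LOAD_NORMAL`, so nothing in this call prevents the token-bearing URL from being used as an HTTP cache key if the response turns out to be cacheable. The commit message relies on parameterised GETs not being served from cache, which is a property of the response headers rather than of this request; passing `net::LOAD_DISABLE_CACHE` in place of `net::LOAD_NORMAL` would make it explicit without affecting cookies, assuming the request context used here has a cache at all. The comment above the call should also record the new constraint, for example `// The uber token is sent in the query string; never log or report this URL.` The function begins outside the hunk.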
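Review bot: The `base::StartsWith(url.spec(), merge_session_gurl_.spec(), ...)` test in DispatchFetchedRequest is a raw string-prefix match, so any URL whose spec merely begins with the MergeSession spec (a longer path, for instance) is routed to OnMergeSessionFetched, and correctness now depends on where this branch sits in the else-if chain. Comparing with the query stripped keeps the exact match the neighbouring branches use: `GURL::Replacements strip; strip.ClearQuery();` ahead of the chain and `} else if (url.ReplaceComponents(strip) == merge_session_gurl_) {` here, assuming merge_session_gurl_ itself has no query. Whether `url` is the original or the post-redirect URL is not visible in this hunk, and the function starts and ends outside it.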
@@ -382,10 +382,11 @@ class GaiaAuthFetcher : public net::URLFetcherDelegate {
 static std::string MakeGetUserInfoBody(const std::string& lsid);
 
 // Supply the authentication token returned from StartIssueAuthToken.
- static std::string MakeMergeSessionBody(const std::string& auth_token,
- const std::string& external_cc_result,
- const std::string& continue_url,
- const std::string& source);
+ static std::string MakeMergeSessionQuery(
+ const std::string& auth_token,
+ const std::string& external_cc_result,
+ const std::string& continue_url,
+ const std::string& source);
 
 static std::string MakeGetAuthCodeHeader(const std::string& auth_token);
 
|