Fix Safari CORS with Facebook & potentially other providers #208

merged 3 commits into from Apr 30, 2016


ldesplat commented Apr 23, 2016

Based on #206 and Fixes #191.

Could I get someone to review this?

The crux of the issue is that Safari, due to CORS and the way Facebook sometimes does the redirect, will not send the state cookie along. So, when we see no token (usually happens during development due to bad settings), we attempt to refresh the page using the meta keyword (not using JavaScript) and this ensures that Safari sends us the cookie.

We attempt to avoid infinite loops by adding the refresh query parameter.

@ldesplat ldesplat added this to the 7.6.1 milestone Apr 23, 2016
@ldesplat ldesplat added the bug label Apr 23, 2016
@ldesplat ldesplat merged commit 951ccec into hapijs:master Apr 30, 2016
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
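
The flow described in the pull request description above, as an added example that is not the project's own code: a callback that arrives without the state cookie gets one meta refresh, marked with the `refresh` query parameter so a second miss is rejected instead of looping. The function name, the `oauth_state` cookie name and the result objects are assumptions made for illustration.

```javascript
'use strict';

// Hypothetical cookie name; the page does not say what the project calls it.
const STATE_COOKIE = 'oauth_state';

// The callback URL is attacker-influenced, so encode it before placing it in HTML.
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// callbackUrl: absolute URL the provider redirected the browser to.
// cookies: map of cookie names to values sent with this request.
function handleCallback(callbackUrl, cookies) {
    const url = new URL(callbackUrl);
    const savedState = cookies[STATE_COOKIE];

    if (!savedState) {
        // Already refreshed once and the cookie is still missing: stop here,
        // otherwise the browser would reload the page forever.
        if (url.searchParams.get('refresh') === '1') {
            return { action: 'reject', reason: 'missing state cookie after refresh' };
        }

        // First miss: have the browser re-request the same URL through a
        // meta refresh (no script), so the cookie is sent on the next request.
        url.searchParams.set('refresh', '1');
        const target = escapeHtml(url.pathname + url.search);
        const html = '<html><head>' +
            `<meta http-equiv="refresh" content="0;URL='${target}'">` +
            '</head><body></body></html>';
        return { action: 'refresh', html };
    }

    // Cookie present: the state echoed by the provider must match the saved
    // one, which is the CSRF check the state cookie exists for.
    if (url.searchParams.get('state') !== savedState) {
        return { action: 'reject', reason: 'state mismatch' };
    }

    return { action: 'continue', code: url.searchParams.get('code') };
}
```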

hueniverse commented May 25, 2016

@ldesplat Any reason this wasn't applied to OAuth 1.0 as well? I think I'm seeing this issue with a few Twitter requests.
