oauth_facebook_login: update # hack to be compatible with Zope4 redirects

Zope4 uses urlparse + urlunparse to encode the URL, which has a side effect of removing the empty fragment from the URL. Using a lower level API to set the status code and the Location header we achieve the same result.

oauth_facebook_login: update # hack to be compatible with Zope4 redirects
Zope4 uses urlparse + urlunparse to encode the URL, which has a side effect of removing the empty fragment from the URL. Using a lower level API to set the status code and the Location header we achieve the same result.
1fa85d5f · Jérome Perrin · cde16e78 · 1fa85d5f
Commit 1fa85d5f authored Jul 13, 2022 by Jérome Perrin
Showing with 5 additions and 1 deletion

bt5/erp5_oauth_facebook_login/SkinTemplateItem/portal_skins/erp5_oauth_facebook_login/ERP5Site_callbackFacebookLogin.py ...p5_oauth_facebook_login/ERP5Site_callbackFacebookLogin.py +5 -1

No files found.
--- a/bt5/erp5_oauth_facebook_login/SkinTemplateItem/portal_skins/erp5_oauth_facebook_login/ERP5Site_callbackFacebookLogin.py
+++ b/bt5/erp5_oauth_facebook_login/SkinTemplateItem/portal_skins/erp5_oauth_facebook_login/ERP5Site_callbackFacebookLogin.py
@@ -49,6 +49,10 @@ elif code is not None:
    # https://stackoverflow.com/questions/7131909/facebook-callback-appends-to-return-url/33257076#33257076
    # https://lab.nexedi.com/nexedi/erp5/merge_requests/417#note_64365
    came_from = request.get("came_from",  portal.absolute_url() + "#")
-    return response.redirect(came_from)
+    # Don't use response.redirect, as it normalize the URL (in Zope4) and remove the
+    # empty fragment - which is an equivalent URL, but for this special case we want to keep the #
+    response.setStatus(302, lock=True)
+    response.setHeader('Location', came_from)
+    return came_from

 return handleError('')