| Issue 102: | Remove iframe usage in OpenID authentication | |
| Back to list |
Reported by Shawn Pearce <sop@google.com> on Tue Mar 10 17:29:00 PDT 2009 Source: JIRA GERRIT-102 Affected Version: 2.0.7 While trying to login through Yahoo as an OpenID provider, I'll get redirected to Yahoo's web page and I'm able to check the certificate in my browser. When using Google though, I get everything inside an Iframe and it's hard for the user to see the URL and the certificate of the server to which she'll send her credentials. Since gerrit is access through HTTP, even a user trusting this particular gerrit server but not the network will not be able to trust the website he's giving his credentials to.
Sep 24, 2009
#1
code-rev...@gtempaccount.com
Sep 24, 2009
Comment by Shawn Pearce <sop@google.com> on Tue Mar 10 20:31:16 PDT 2009 Fixed by https://review.source.android.com/9121 https://review.source.android.com/9122
Sep 24, 2009
Update by Shawn Pearce <sop@google.com> on Tue Mar 10 20:31:16 PDT 2009 Fixed in version 2.0.7.
Status:
Fixed
Sep 25, 2009
(No comment was entered for this change.)
Labels:
FixedIn-2.0.7
Oct 25, 2012
(No comment was entered for this change.)
Status:
Released
|
|
| ► Sign in to add a comment |