My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 102: Remove iframe usage in OpenID authentication
  Back to list
Status:  Released
Owner:  code-rev...@gtempaccount.com
Closed:  Oct 2012


Sign in to add a comment
 
Reported by code-rev...@gtempaccount.com, Sep 24, 2009
Reported by Shawn Pearce <sop@google.com> on Tue Mar 10 17:29:00 PDT 2009
Source: JIRA GERRIT-102
Affected Version: 2.0.7

While trying to login through Yahoo as an OpenID provider, I'll get redirected
to Yahoo's web page and I'm able to check the certificate in my browser. When
using Google though, I get everything inside an Iframe and it's hard for the
user to see the URL and the certificate of the server to which she'll send her
credentials. Since gerrit is access through HTTP, even a user trusting this
particular gerrit server but not the network will not be able to trust the
website he's giving his credentials to.
Sep 24, 2009
#1 code-rev...@gtempaccount.com
Comment by Shawn Pearce <sop@google.com> on Tue Mar 10 17:30:06 PDT 2009

To do this right we should somehow cache the line number the user clicked on
in the side-by-side or unified diff views and come back to that to create the
editor during the return load.
Sep 24, 2009
#2 code-rev...@gtempaccount.com
Comment by Shawn Pearce <sop@google.com> on Tue Mar 10 20:31:16 PDT 2009

Fixed by

  https://review.source.android.com/9121
  https://review.source.android.com/9122
Sep 24, 2009
#3 code-rev...@gtempaccount.com
Update by Shawn Pearce <sop@google.com> on Tue Mar 10 20:31:16 PDT 2009

Fixed in version 2.0.7.
Status: Fixed
Sep 25, 2009
#4 code-rev...@gtempaccount.com
(No comment was entered for this change.)
Labels: FixedIn-2.0.7
Oct 25, 2012
#5 sop@google.com
(No comment was entered for this change.)
Status: Released
Sign in to add a comment

Powered by Google Project Hosting