access_denied in facebook login

[Alex Arshavski]

I have a Horizon/React webapp which has a facebook login. 

The login worked great till yesterday, when it just started to go to facebook page without redirecting back to my app. 

The url that I saw look like:

https://www.facebook.com/login.php?skip_api_login=1&api_key=...&signed_next=1&next=https%3A%2F%2Fwww.facebook.com%2Fv2.6%2Fdialog%2Foauth%3Fredirect_uri%3D...%26response_type%3Dcode%26...%26ret%3Dlogin%26...facebook%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied%26...display=page&locale=en_US...#/?_k=og494k

What is strange is that access_denied and user_denied parts.

I did not denied the app in my login page. It just stopped working.

Any ideas how it can be fixed?

The login works on Firefox but not on Chrome or Safari.

[PhistucK]

Have you tried clearing cache and website data (cookies) first?

Does it fail on any device (not just yours)?

Anyway, without seeing actual code, it is very hard to help.

I think stackoverflow.com is a better place for such questions (you will need to show some code there as well). If you find that this is a Chrome and Safari specific issue (which usually means it originates in WebKit) and not a coding issue, you can report it at crbug.com for Chrome and bugs.webkit.org for Safari (but again, you will have to show some code).

☆PhistucK

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

[Alex Arshavski]

Hi. Thanks for the reply.

Yes, I tried to clear the cache (it didn't help) and It fail on any device.

I have horizon/react app. The actual code is:

var Content = React.createClass({
 facebook_login: function() {
 this.props.data.horizon.authEndpoint('facebook').subscribe((endpoint) => {
 window.location.pathname = endpoint;
 });
 },
 google_login: function() {
 this.props.data.horizon.authEndpoint('google').subscribe((endpoint) => {
 window.location.pathname = endpoint;
 });
 },
 render: function() {
 return (
 ...
 <Link className="google_signin button" to="#" onClick={this.google_login}>
 <i className="fa fa-google"/>
 Sign in with Google
 </Link>
 <Link className="facebook_signin button" to="#" onClick={this.facebook_login}>
 <i className="fa fa-facebook"/>
 Sign in with Facebook
 </Link>
 ... )
 }
});

And the google login works just fine.

I tried asking in stackoverflow, but no response there.

Regards, Alex A.

[PhistucK]

While this seems not interoperable, I think Chrome behaves according to the specification (perhaps this was only changed recently).

https://html.spec.whatwg.org/multipage/browsers.html#dom-location-pathname (see the setter)

Which leads to https://url.spec.whatwg.org/#concept-basic-url-parser.

Specifically - "Otherwise, UTF-8 percent encode c using the default encode set, and append the result to buffer.".

In short, you are setting location.pathname to something that is not just a path component of the URL, but a search component of the URL (the part after the question mark, so in http://w.com/www?qqq. www is the path component and qqq (or maybe ?qqq, I do not remember) is the search component).

Firefox does not encode the question marks, Chrome does. Internet Explorer, by the way, throws an exception about an invalid URL due to the question mark.

It looks like you should really use location.href instead, since you are not looking to preserve any part of the URL at all here.

☆PhistucK