From 850f50f5157695a01e300d3e8b5f35aa361e0fb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
Date: Tue, 30 Jul 2019 10:44:12 +0200
Subject: [PATCH] Enhance the SAML response post page.

Make it a bit better for those with javascript disabled, and add a CSP.
---
 templates/post.twig | 64 +++++++++++++++++++++++----------------------
 1 file changed, 33 insertions(+), 31 deletions(-)

diff --git a/templates/post.twig b/templates/post.twig
index 68b2840c4..b35759eca 100644
--- a/templates/post.twig
+++ b/templates/post.twig
@@ -1,38 +1,40 @@
-<!DOCTYPE html>
-<html>
-    <head>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" {# -#}
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta charset="utf-8"/>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'unsafe-inline'"/>
+    <link rel="icon" href="/{{ baseurlpath }}resources/icons/favicon.ico">
+    <title>{% trans %}Sending message{% endtrans %}</title>
     <script src="/{{ baseurlpath }}resources/post.js"></script>
-    <link rel="stylesheet" href="/{{ baseurlpath }}resources/post.css">
-    </head>
-    <body>
+  </head>
+  <body>
+    <form method="post" action="{{ destination }}">
+      {#- We need to add this element and call the click method, because calling submit() on the form causes failed
+          submissions if the form has another element with name or id of submit. See:
+          https://developer.mozilla.org/en/DOM/form.submit#Specification
+       #}
 
-    <noscript>
-        <p><strong>Note:</strong> 
-        Since your browser does not support JavaScript, 
-        you must press the button below once to proceed.</p> 
-    </noscript> 
+      <input type="submit" id="postLoginSubmitButton" style="display: none"/>
+      {%- for name, value in post %}
+        {%- if value is iterable %}
+          {%- for index, item in value %}
 
-    <form method="post" action="{{ destination }}">
-    <!-- Need to add this element and call click method, because calling 
-    submit() on the form causes failed submission if the form has another 
-    element with name or id of submit.
-    See: https://developer.mozilla.org/en/DOM/form.submit#Specification -->
-    <input type="submit" id="postLoginSubmitButton">
+      <input type="hidden" name="{{ name }}[{{ index }}]" value="{{ value }}"/>
+          {%- endfor %}
+        {%- else %}
 
-    {% for name, value in post %}
-        {% if value is iterable %}
-            {% for index, item in value %}
-                <input type="hidden" name="{{ name }}[{{ index }}]" value = "{{ value }}">
-            {% endfor %}
-        {% else %}
-            <input type="hidden" name="{{ name }}" value = "{{ value }}">
-        {% endif %}
-    {% endfor %}
+      <input type="hidden" name="{{ name }}" value="{{ value }}"/>
+        {%- endif %}
+      {%- endfor %}
 
-        <noscript>
-            <button type="submit" class="btn">Continue</button>
-        </noscript>
+      <noscript>
+        <h2>{% trans %}Warning{% endtrans %}</h2>
+        <p>{% trans %}Since your browser does not support Javascript, you must press the button below to proceed.{%
+            endtrans %}</p>
+        <button type="submit">{% trans %}Yes, continue{% endtrans %}</button>
+      </noscript>
     </form>
-
-    </body>
+  </body>
 </html>
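Review bot: In the iterable branch the hidden input still renders `value="{{ value }}"`, which is the whole array rather than the current element, so array-valued POST parameters would not be submitted with their real values; it should read `<input type="hidden" name="{{ name }}[{{ index }}]" value="{{ item }}"/>`. The line is carried over from the old template, so this rewrite is a natural place to fix it. On the new CSP, `form-action` does not fall back to `default-src`, so the policy as written does not constrain where the form posts, and a `<meta>`-delivered policy ignores `frame-ancestors`, so framing protection for this page would need a response header. `style-src 'unsafe-inline'` appears to be needed only for the inline `style="display: none"` on the submit button; moving that rule to a same-origin stylesheet would allow a stricter `style-src`.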
-- 
GitLab