When you click the login button, the following function is called: launchPopup=f... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dontreact on Nov 11, 2014 \| parent \| context \| favorite \| on: Foobar When you click the login button, the following function is called: launchPopup=function(){ window.open("/login/","AppLogin","resizable,scrollbars,status,width=600,height=400")} Which opens https://foobar.withgoogle.com/login There, an object a: a = { `message: '<span class="term-red">Error(6): Login unavailable. Try again later.</span>', logoutUrl: 'https://foobar.withgoogle.com/_ah/logout?continue=https://www.google.com/accounts/Logout%3Fcontinue%3Dhttps://appengine.google.com/_ah/logout%253Fcontinue%253Dhttps://foobar.withgoogle.com/denied/%26service%3Dah', redirectUrl: '/denied/', allow: false }` Is passed to the original window's handleAuth function: window.handleAuth=function(a){ a.logoutUrl?window.location.href=a.redirectUrl:window.location.reload()} It seems that the allow property of the object passed is never checked :(

dontreact on Nov 11, 2014 [–]

Put more simply, you can redefine the handleAuth function to automatically set the allow property to true

window.handleAuth=function(a){ a.allow = true; a.logoutUrl?window.location.href=a.redirectUrl:window.location.reload()}

and then click the button.

But it won't help for the reasons explained above.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact