https://bugzilla.wikimedia.org/show_bug.cgi?id=72186
--- Comment #7 from Chris Steipp <[email protected]> --- (In reply to Brad Jorsch from comment #5) > (In reply to Bawolff (Brian Wolff) from comment #4) > > Verified, when editing from a user-agent that would be redirected to the > > mobile site, after authorizing, page gets redirected to mobile site and > > errors. > > I had suspected this, thanks for confirming. > > After some further investigation, it looks to me like it's actually a bug in > WMF's varnish layer trying to redirect mobile clients to the mobile site: it > doesn't hit on the first request that uses > /w/index.php?title=Special:OAuth/ > authorize&oauth_token=abc123&oauth_consumer_key=abc123, but the POST back to > /wiki/Special:OAuth/authorize is caught and since browsers treat a 302 > redirect as 303 rather than 307 this breaks everything. The relevant code > appears to be in the operations/puppet repo, > templates/varnish/text-frontend.inc.vcl.erb, sub mobile_redirect. Yep, this is actually a known issue. Mobile can't really redirect calls to /w/index.php, so OAuth app authors need to redirect their users to "/wiki/Special:OAuth/authorize?oauth_token=..." instead of "/w/index.php?title=...". So Max'es patch will probably work, although then the login experience on mobile isn't great. And we'll have to make sure the centralauth handshake continues to work. Or OAuth app authors can use /wiki/Special:OAuth urls, and the experience is better, but we can't control their code. Or we make a special varnish rule to allow mobile redirecting for this specific url pattern ("/w/index.php?title=Special:OAuth/authorize")... But I haven't fully thought through what else that would impact. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
