tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

messengerLogin.js (2653B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 "use strict";
      6 
      7 /* globals browser */
      8 
      9 /**
     10 * Bug 1934814 - Messenger login broken with Total Cookie Protection
     11 *
     12 * The messenger login flow redirects to the Facebook page and then back to the
     13 * messenger page to finish the login. However, the redirect could get stuck in
     14 * the Facebook page for unknown reasons.
     15 *
     16 * This shim requests storage access for Facebook under the messenger page to
     17 * allow Facebook SSO login to work on the messenger page. So, there will be
     18 * no redirection and fix the login issue.
     19 */
     20 
     21 console.warn(
     22  `When logging in, Firefox calls the Storage Access API on behalf of the site. See https://bugzilla.mozilla.org/show_bug.cgi?id=1934814 for details.`
     23 );
     24 
     25 const STORAGE_ACCESS_ORIGIN = "https://www.facebook.com";
     26 
     27 document.documentElement.addEventListener(
     28  "click",
     29  e => {
     30    const { target, isTrusted } = e;
     31    if (!isTrusted) {
     32      return;
     33    }
     34    const button = target.closest("button[id=loginbutton]");
     35    if (!button) {
     36      return;
     37    }
     38 
     39    // We don't need to do anything if the button is not visible. When the login
     40    // button is hidden, the Facebook SSO login button is shown instead. In this
     41    // case, we don't need to do anything.
     42    if (
     43      !button.checkVisibility({
     44        contentVisibilityAuto: true,
     45        opacityProperty: true,
     46        visibilityProperty: true,
     47      })
     48    ) {
     49      return;
     50    }
     51 
     52    console.warn(
     53      "Calling the Storage Access API on behalf of " + STORAGE_ACCESS_ORIGIN
     54    );
     55    button.disabled = true;
     56    e.stopPropagation();
     57    e.preventDefault();
     58    document
     59      .requestStorageAccessForOrigin(STORAGE_ACCESS_ORIGIN)
     60      .then(_ => {
     61        return browser.runtime.sendMessage({
     62          message: "checkFacebookLoginStatus",
     63          shimId: "MessengerLogin",
     64        });
     65      })
     66      .then(isLoggedIn => {
     67        button.disabled = false;
     68 
     69        if (!isLoggedIn) {
     70          // We need to click the login button to continue the login flow if
     71          // the user is not logged in to Facebook.
     72          button.click();
     73        } else {
     74          // Reload the page so that the messenger page will show Facebook SSO
     75          // button instead of the login button.
     76          location.reload();
     77        }
     78      })
     79      .catch(() => {
     80        button.disabled = false;
     81        // Continue the login flow if the storage access is denied by clicking
     82        // the button again.
     83        button.click();
     84      });
     85  },
     86  true
     87 );