Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The BrowserID module has been broken for some time; the BrowserID assertion sent to Drupal was being dropped, so Drupal was unable to verify anything.
I'm not sure what broke. It may have been PHP, or it may have been BrowserID switching to larger assertions.
Regardless, there's a bug in the module; it inconsistently uses GET/POST for transferring data.
This patch fixes that, sending all BrowserID-related data over POST. BrowserID login now works again. Commit log:
Subject: [PATCH] Make consistent use of POST/GET
Correctly send BrowserID-related data via HTTP POST, and make sure the
module looks for POST'ed data.
Recently, BrowserID's payload become too large for a GET request. Even
though the module's JavaScript submitted a POST, it was sent as GET
data. The module also expected GET data. With the larger payload at some
point all of this stopped working.
Comment | File | Size | Author |
---|---|---|---|
0001-Make-consistent-use-of-POST-GET.patch | 3.3 KB | Samat Jain |
Comments
Comment #1
Samat Jain CreditAttribution: Samat Jain commentedChanging status to reflect patch is available (pardon the wrong patch naming—I created the patch before creating the issue.
Comment #2
IceCreamYou CreditAttribution: IceCreamYou commentedPatch looks good, I'll try to test/commit tomorrow
Comment #3
IceCreamYou CreditAttribution: IceCreamYou commentedCommitted fix to dev
I'll probably create a new stable release in the next 1-2 weeks.