Merge pull request #529 from hypothesis/use-oauth-if-cookies-blocked

Always use OAuth if cookie storage is blocked

Merge pull request #529 from hypothesis/use-oauth-if-cookies-blocked
Always use OAuth if cookie storage is blocked
577f7472 · Robert Knight · GitHub · 57ee8fa0 · db1e1924 · 577f7472
Commit 577f7472 authored Sep 06, 2017 by Robert Knight Committed by GitHub Sep 06, 2017
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 0 deletions

app.js src/sidebar/app.js +14 -0

No files found.
--- a/src/sidebar/app.js
+++ b/src/sidebar/app.js
@@ -113,10 +113,24 @@ function processAppOpts() {
  }
 }
+function canSetCookies() {
+  // Try to add a short-lived cookie. Note the `document.cookie` setter has
+  // unusual semantics, this doesn't overwrite other cookies.
+  document.cookie = 'cookie-setter-test=1;max-age=5';
+  return document.cookie.indexOf('cookie-setter-test=1') !== -1;
+}
 function shouldUseOAuth() {
  if (serviceConfig(settings)) {
+    // If the host page supplies annotation service configuration, including a
+    // grant token, use OAuth.
+    return true;
+  }
+  if (!canSetCookies()) {
+    // If cookie storage is blocked by the browser, we have to use OAuth.
    return true;
  }
+  // Otherwise, use OAuth only if the feature flag is enabled.
  return settings.oauthClientId && settings.oauthEnabled;
 }