search

pp-work / Vanilla-PirateWeb-Plugin

A plugin to support PirateWeb authorisation in vanilla forums
0 stars 1 forks source link

Remove popup #1

Open emilv opened 9 years ago

emilv commented 9 years ago

Is there some way to make the login process not use popups? Getting a popup in this day and age is pretty confusing.

Pajn commented 9 years ago

As we want the login process to be handled completely by PirateWeb I have a hard time seeing another solution, especially as sites like Facebook, Google and Twitter uses the same procedure when using their corresponding SSO auth function. However suggestions are welcome.

The reason we want the login process to be handled completely by PirateWeb is of security reasons, by doing this there are no way for the forum to intercept your PirateWeb password. Not even an XSS attack on the forum could get your password thanks to the same-origin policy of the browser.

emilv commented 9 years ago

To be clear, I have nothing against sending the user to the login page. But we should do it in the same browser window as most solutions I've seen. So they leave Vanilla for Pirateweb, sign in, gets redirected back to Vanilla.