I am using a very simple instance of GAE from the Greasemonkey script. This has worked fine for the past months, but now the path is added to the final “continue” location, which disrupts the login process for me.
The main workflow, assuming the user is logged in to his Google account, but his token for the GAE instance has been exhausted:
- The user opens page A with the GM script installed.
- The GM script runs and tries to access the GAE instance using GM_xmlhttpRequest ().
- The GAE instance returns "login_needed | <loginurl>". The GM script extracts the loginurl and sets
window.location on it. - The user is redirected to loginurl and eventually returns to A. However, this time the actual data is returned by GM_xmlhttpRequest ().
The last step no longer works, as the user is now redirected to loginurl plus several , which gives 404 on the target site.
The GAE code is about half the code screen. The corresponding authentication code is as follows:
if not users.get_current_user(): self.response.headers['Content-Type'] = 'text/plain' self.response.out.write('login_needed|'+users.create_login_url(self.request.get('uri')))
The sequence of requests is as follows: everything is caused by a redirect:
- GET https://mygaeinstance.appspot.com/?uri=https://targetsite.com/
- GET https://www.google.com/accounts/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://targetsite. com / & ltmpl = gm & ahname = MyGAEInstance & sig = <some sig>
- GET https://appengine.google.com/_ah/conflogin?continue=https%3A%2F%2Ftargetsite.com%2F&pli=1&auth=<some base64 auth token>
- GET https://targetsite.com/_ah/conflogin?state=<some base64 state>
targetite.com does not like this path, and as you can see, it was not in the original “continue” argument passed to appengine.google.com, which was just “https://targetsite.com/”, What I did wrong and how can i fix it?
Henrik heimbuerger
source share