The BrowserID module has been broken for some time; the BrowserID assertion sent to Drupal was being dropped, so Drupal was unable to verify anything.

I'm not sure what broke. It may have been PHP, or it may have been BrowserID switching to larger assertions.

Regardless, there's a bug in the module; it inconsistently uses GET/POST for transferring data.

This patch fixes that, sending all BrowserID-related data over POST. BrowserID login now works again. Commit log:

Subject: [PATCH] Make consistent use of POST/GET

Correctly send BrowserID-related data via HTTP POST, and make sure the
module looks for POST'ed data.

Recently, BrowserID's payload become too large for a GET request. Even
though the module's JavaScript submitted a POST, it was sent as GET
data. The module also expected GET data. With the larger payload at some
point all of this stopped working.
CommentFileSizeAuthor
0001-Make-consistent-use-of-POST-GET.patch3.3 KBSamat Jain

Comments

Samat Jain’s picture

Samat Jain commented
Status: Active » Needs review

Changing status to reflect patch is available (pardon the wrong patch naming—I created the patch before creating the issue.

icecreamyou’s picture

icecreamyou commented

Patch looks good, I'll try to test/commit tomorrow

icecreamyou’s picture

icecreamyou commented
Status: Needs review » Fixed

Committed fix to dev

I'll probably create a new stable release in the next 1-2 weeks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.