From 1fa85d5f9da13c4f08fef211842b385835340dbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Wed, 13 Jul 2022 00:21:23 +0900
Subject: [PATCH] oauth_facebook_login: update # hack to be compatible with
 Zope4 redirects

Zope4 uses urlparse + urlunparse to encode the URL, which has a side
effect of removing the empty fragment from the URL. Using a lower level
API to set the status code and the Location header we achieve the same
result.
---
 .../ERP5Site_callbackFacebookLogin.py                       | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/bt5/erp5_oauth_facebook_login/SkinTemplateItem/portal_skins/erp5_oauth_facebook_login/ERP5Site_callbackFacebookLogin.py b/bt5/erp5_oauth_facebook_login/SkinTemplateItem/portal_skins/erp5_oauth_facebook_login/ERP5Site_callbackFacebookLogin.py
index 7f07044410..36314ff69a 100644
--- a/bt5/erp5_oauth_facebook_login/SkinTemplateItem/portal_skins/erp5_oauth_facebook_login/ERP5Site_callbackFacebookLogin.py
+++ b/bt5/erp5_oauth_facebook_login/SkinTemplateItem/portal_skins/erp5_oauth_facebook_login/ERP5Site_callbackFacebookLogin.py
@@ -49,6 +49,10 @@ elif code is not None:
     # https://stackoverflow.com/questions/7131909/facebook-callback-appends-to-return-url/33257076#33257076
     # https://lab.nexedi.com/nexedi/erp5/merge_requests/417#note_64365
     came_from = request.get("came_from",  portal.absolute_url() + "#")
-    return response.redirect(came_from)
+    # Don't use response.redirect, as it normalize the URL (in Zope4) and remove the
+    # empty fragment - which is an equivalent URL, but for this special case we want to keep the #
+    response.setStatus(302, lock=True)
+    response.setHeader('Location', came_from)
+    return came_from
 
 return handleError('')
-- 
2.30.9