From 9606f547faccc92a55a4e18bea4030a67cb6ee1b Mon Sep 17 00:00:00 2001 From: Janosch Maier Date: Mon, 11 Apr 2022 22:20:15 +0200 Subject: [PATCH] Fix login to Office 365 Accounts --- .../onboarding/lib/onboarding-helpers.ts | 2 +- app/src/browser/main.js | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/app/internal_packages/onboarding/lib/onboarding-helpers.ts b/app/internal_packages/onboarding/lib/onboarding-helpers.ts index a83680a21..ee505186f 100644 --- a/app/internal_packages/onboarding/lib/onboarding-helpers.ts +++ b/app/internal_packages/onboarding/lib/onboarding-helpers.ts @@ -32,7 +32,7 @@ const O365_SCOPES = [ 'Calendars.ReadWrite', // calendar 'Calendars.ReadWrite.Shared', // calendar - // Future note: When you exchane the refresh token for an access token, you may + // Future note: When you exchange the refresh token for an access token, you may // request these two OR the above set but NOT BOTH, because Microsoft has mapped // two underlying systems with different tokens onto the single flow and you // need to get an outlook token and not a Micrsosoft Graph token to use these APIs. diff --git a/app/src/browser/main.js b/app/src/browser/main.js index 57ce15fc0..c8d4119c2 100644 --- a/app/src/browser/main.js +++ b/app/src/browser/main.js @@ -324,6 +324,21 @@ const start = () => { app.removeListener('open-file', onOpenFileBeforeReady); app.removeListener('open-url', onOpenUrlBeforeReady); + // Setting the Origin Header to 'localhost' when logging in on Office 365 + // Otherwise O365 will produce a 400 error on the OAuth Login Process + const filter = { + urls: ["*://login.microsoftonline.com/*"] + }; + + session.defaultSession.webRequest.onBeforeSendHeaders( + filter, + (details, callback) => { + console.log(details); + details.requestHeaders['Origin'] = 'localhost'; + callback({ requestHeaders: details.requestHeaders }); + } + ); + // Block remote JS execution in a second way in case our tag approach // is compromised somehow https://www.electronjs.org/docs/tutorial/security // This CSP string should match the one in app/static/index.html