Allow 'wagtailadmin_sprite' url to bypass 2FA #2
Conversation
Wagtail attempts to load SVG sprites from this url and injects them into the browsers DOM. When this url is guarded by 2FA, the HTML of the 2FA verification page is injected into the DOM instead. This results in a duplicate form on the page.
|
Short screenrecording of the issue this is fixing Screen.Recording.2023-08-01.at.11.59.21.AM.mov |
|
Can confirm that we have this issue as well. |
|
@saevarom if you are interested, I've created a fork with Wagtail 5.1 support for one of my clients here: https://github.com/techonomydev/wagtail-2fa/commits/v3.0.0/ (not guaranteeing this fork will remain available indefinitely, but feel free to create a fork of my fork 😉) I'm trying to get in touch with Lab Digital, the original creators of wagtail-2fa to try and see if we can transfer maintainership to Wagtail Nest. Keep an eye on the #wagtail-nest channel on Wagtail's Slack for progress updates! |
|
OK thank you @Stormheg Right now we feel that it is safer for our client to just package the wagtail-2fa app within their repository and then revert to a public release once the project has reached a more maintainable status. |
|
Merged, thanks! |
Wagtail attempts to load SVG sprites from this url and injects them into the browsers DOM. When this url is guarded by 2FA, the HTML of the 2FA verification page is injected into the DOM instead. This results in a duplicate form on the page.