Bugfix: Chrome login fails with 400 request headers too long #525

src/hello.js

@@ -368,12 +368,29 @@ hello.utils.extend(hello, {
 		parseInt(provider.oauth.version, 10) < 2 ||
 		(opts.display === 'none' && provider.oauth.grant && session && session.refresh_token)) {
 
-			// Add the oauth endpoints
-			p.qs.state.oauth = provider.oauth;
-
-			// Add the proxy url
-			p.qs.state.oauth_proxy = opts.oauth_proxy;
-
+			// Store oauth config in sessionStorage to avoid large URL headers in Chrome
+			// Only pass a reference ID in the state parameter
+			var stateId = 'oauth_state_' + p.network + '_' + Date.now();
+
+			try {
+				if (window.sessionStorage) {
+					window.sessionStorage.setItem(stateId, JSON.stringify({
+						oauth: provider.oauth,
+						oauth_proxy: opts.oauth_proxy
+					}));
+					p.qs.state.oauth_state_id = stateId;
+				}
+				else {
+					// Fallback: include oauth data directly if sessionStorage unavailable
+					p.qs.state.oauth = provider.oauth;
+					p.qs.state.oauth_proxy = opts.oauth_proxy;
+				}
+			}
+			catch (e) {
+				// Fallback: include oauth data directly if sessionStorage fails
+				p.qs.state.oauth = provider.oauth;
+				p.qs.state.oauth_proxy = opts.oauth_proxy;
+			}
 		}
 
 		// Convert state to a string
@@ -1155,6 +1172,22 @@ hello.utils.extend(hello.utils, {
 			try {
 				var state = JSON.parse(p.state);
 
+				// Retrieve oauth config from sessionStorage if oauth_state_id is present
+				if (state.oauth_state_id && window.sessionStorage) {
+					try {
+						var storedOAuthState = JSON.parse(window.sessionStorage.getItem(state.oauth_state_id));
+						if (storedOAuthState) {
+							state.oauth = storedOAuthState.oauth;
+							state.oauth_proxy = storedOAuthState.oauth_proxy;
+							// Clean up sessionStorage
+							window.sessionStorage.removeItem(state.oauth_state_id);
+						}
+					}
+					catch (e) {
+						// Continue with state as is if sessionStorage retrieval fails
+					}
+				}
+
 				// Add this path as the redirect_uri
 				p.redirect_uri = state.redirect_uri || location.href.replace(/[\?\#].*$/, '');
 
@@ -1285,6 +1318,13 @@ hello.utils.extend(hello.utils, {
 
 			// If this is a page request it has no parent or opener window to handle callbacks
 			if (('display' in obj) && obj.display === 'page') {
+				// Emit error event for page display mode if error exists
+				if (obj.error) {
+					hello.emit('error', {
+						network: network,
+						error: obj.error
+					});
+				}
 				return;
 			}
 
@@ -1452,6 +1492,14 @@ hello.utils.Event.call(hello);
 				continue;
 			}
 
+			// Check for errors in session
+			else if (session.error && !oldSess.error) {
+				// Emit the error event
+				hello.emit('error', {
+					network: name,
+					error: session.error
+				});
+			}
 			// Access_token has been removed
 			else if (!session.access_token && oldSess.access_token) {
 				emit('logout');

src/modules/instagram.js

@@ -15,7 +15,32 @@
 
 			// Refresh the access_token once expired
 			refresh: true,
-
+		logout: function(callback) {
+			// Instagram now requires POST method for logout instead of GET
+			// Using form submission via iframe to handle the logout
+			var form = document.createElement('form');
+			form.method = 'POST';
+			form.action = 'https://www.instagram.com/accounts/logout/';
+			form.style.display = 'none';
+
+			var iframe = document.createElement('iframe');
+			iframe.name = 'logout_frame';
+			iframe.style.display = 'none';
+			document.body.appendChild(iframe);
+
+			form.target = 'logout_frame';
+			document.body.appendChild(form);
+
+			// Submit the form
+			form.submit();
+
+			// Clean up after a short delay
+			setTimeout(function() {
+				document.body.removeChild(form);
+				document.body.removeChild(iframe);
+				callback();
+			}, 1000);
+		},
 			scope: {
 				basic: 'basic',
 				photos: '',