<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="googlebot" content="noindex"> <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no"> <title>Login transfer</title> <link rel="stylesheet" type="text/css" href="https://gcs-assets.fitbit.com/prod/app.login.transferLoginState.0.css.dd75d2b055cd2da9b9534e2d7cb26c94.css" charset="utf-8"/> <script src="https://accounts.fitbit.com/client.js"></script> </head> <body> <span id="pageLoadingScreen" class="loading"></span> </body> <script> function postAjax(url, params, success, fail) { ajaxCall('POST', url, params, success, fail) } function ajaxCall(method, url, params, success, fail) { var xhr = new XMLHttpRequest(); xhr.open(method, url, true); xhr.addEventListener("load", function() { if (xhr.status !== 200) { fail(xhr.responseText); } else { success(xhr.responseText); } }); xhr.addEventListener("error", function() { fail(); }); xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest'); xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); xhr.send(params); return xhr; } </script> <script> window.onload = function transfer() { if (window.Fitbit) { Fitbit.setLocale("en_SG"); const recaptchaToken = ""; if (recaptchaToken) { Fitbit.setRecaptchaToken(recaptchaToken); } var host = document.location.protocol + "//" + document.location.host; if (document.location.port && host.indexOf(":") < 0) { host += ":" + document.location.port; } var redirectParam = 'https%3A%2F%2Fcommunity.fitbit.com%2Ft5%2Fnotifications%2Fnotifymoderatorpage%2Fmessage-uid%2F5683561%3Fnobounce%3D'; var redirect = redirectParam !== '' && redirectParam !== 'null' ? redirectParam : host; var transferLocation = host + "/login/transferpage?redirect=" + encodeURIComponent(redirect); var webView = 'false' === 'true'; var isSignup = 'false' === 'true'; if(isSignup) { Fitbit.fbCreateAccount(true, transferLocation, false, webView); } else { var logoutURI = host + "/logout/transferpage"; Fitbit.fbIsUserAuthenticated(true, transferLocation, webView).then(function () { Fitbit.fbGetCurrentAccessToken() .then(function (stt) { if (stt) { var transferRequestURI = host + "/login/transfer"; var transferRequestParams = "stt=" + stt + "&csrfToken=719eec79b82a45c6adda0feaae46206a" + "&redirect=" + redirect; postAjax(transferRequestURI, transferRequestParams, function (response) { var parsedData = JSON.parse(response); var redirectURL = parsedData.newRedirectURL; // Allowlist validation var allowedUrls = ["https%3A%2F%2Fwww.fitbit.com%2Fdashboard", "https%3A%2F%2Fwww.fitbit-stage.com%2Fdashboard", "https%3A%2F%2Fwww.fitbit-int.com%2Fdashboard", "https%3A%2F%2Fwww.fitbit-perf.com%2Fdashboard"]; const isRedirectAllowed = allowedUrls.some(domain => redirectURL.startsWith(domain)); if (isRedirectAllowed) { window.location = decodeURIComponent(redirectURL); } else { window.location = decodeURIComponent(redirect); } }, function () { window.location = logoutURI; } ); } }) .catch(function(){ window.location = logoutURI; }); }); } } } </script> </html>