chinwag/chinwagsocial
chinwag/chinwagsocial
2
0
Fork 0
Code Issues Pull requests Releases 14 Wiki Activity

Add form-action CSP directive (#23478)

Browse source 
* Add form-action CSP directive (#20781)

* Fix OAuth flow being broken by recent CSP change (#20958)

* Fix form-action CSP directive for external login (#20962)
This commit is contained in:
Claire 2023-02-09 20:56:37 +01:00 committed by GitHub
commit e26dd2ea8f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/auth/sessions_controller.rb
View file

@ -12,6 +12,10 @@ class Auth::SessionsController < Devise::SessionsController
before_action :set_instance_presenter, only: [:new]
before_action :set_body_classes
content_security_policy only: :new do |p|
p.form_action(false)
end
def create
super do |resource|
# We only need to call this if this hasn't already been

4
app/controllers/oauth/authorizations_controller.rb
View file

@ -7,6 +7,10 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
before_action :authenticate_resource_owner!
before_action :set_cache_headers
content_security_policy do |p|
p.form_action(false)
end
include Localized
private