Add form-action CSP directive (#23478)

* Add form-action CSP directive (#20781)

* Fix OAuth flow being broken by recent CSP change (#20958)

* Fix form-action CSP directive for external login (#20962)

app/controllers/oauth/authorizations_controller.rb

@@ -7,6 +7,10 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
   before_action :authenticate_resource_owner!
   before_action :set_cache_headers
 
+  content_security_policy do |p|
+    p.form_action(false)
+  end
+
   include Localized
 
   private