Switch to using rails builtin content security policy support

[rails.git] / app / controllers / users_controller.rb

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 688692b051ab3862f07263d3458163df6bc59220..186e06120e0f70de52db61d112ec88c82240b9c5 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -17,7 +17,9 @@ class UsersController < ApplicationController
   before_action :check_database_writable, :only => [:new, :go_public]
   before_action :require_cookies, :only => [:new]
   before_action :lookup_user_by_name, :only => [:set_status, :destroy]
-  before_action :allow_thirdparty_images, :only => [:show]
+
+  allow_thirdparty_images :only => :show
+  allow_social_login :only => :new
 
   ##
   # display a list of users matching specified criteria
@@ -58,10 +60,6 @@ class UsersController < ApplicationController
 
     parse_oauth_referer @referer
 
-    append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
-    )
-
     if current_user
       # The user is logged in already, so don't show them the signup
       # page, instead send them to the home page