Really remove login.live.com from CSP allow list

[rails.git] / app / controllers / users_controller.rb

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 417991292e9414bfdea1edac2e4720aae7b928eb..2cdec642d33ed8a4876defd7f53100b97b1d18f6 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -63,7 +63,7 @@ class UsersController < ApplicationController
     parse_oauth_referer @referer
 
     append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]
     )
 
     if current_user