Completely remove form-action restrictions for OAuth callbacks
authorTom Hughes <tom@compton.nu>
Wed, 23 May 2018 11:09:21 +0000 (12:09 +0100)
committerTom Hughes <tom@compton.nu>
Wed, 23 May 2018 11:09:21 +0000 (12:09 +0100)
commit5deba2782a57a8d84024c941bf0a31b7c0b64c49
tree4a9c8b7726bbebaf9dcc2014d00ec3ee08b26152
parent4634c6bc4233641e84d78b728a69ce4aba49fa7c
Completely remove form-action restrictions for OAuth callbacks

The CSP3 draft only allows a * rule match network schemes and
mobile devices often use callbacks to custom URL schemes.
app/controllers/oauth_controller.rb