Fix CSP failures for Microsoft social sign-in

author Milan Cvetkovic <mcvetkovic@microsoft.com>

Fri, 10 May 2024 14:11:12 +0000 (14:11 +0000)

committer Tom Hughes <tom@compton.nu>

Fri, 10 May 2024 16:40:14 +0000 (17:40 +0100)
author Milan Cvetkovic <mcvetkovic@microsoft.com>
Fri, 10 May 2024 14:11:12 +0000 (14:11 +0000)
committer Tom Hughes <tom@compton.nu>
Fri, 10 May 2024 16:40:14 +0000 (17:40 +0100)
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb

index db972101088b2a958fa0f3ffe25798fec41f1bbf..1f1cc577af3b0f0fd1e5a02ccedeb445908f4238 100644 (file)
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -17,7 +17,7 @@ class AccountsController < ApplicationController
      @tokens = current_user.oauth_tokens.authorized
  
      append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
      )
  
      if errors = session.delete(:user_errors)
@@ -32,7 +32,7 @@ class AccountsController < ApplicationController
      @tokens = current_user.oauth_tokens.authorized
  
      append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
      )
  
      user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb

index 06df8f2be074e587f6624545ce71c7183cc441ea..417991292e9414bfdea1edac2e4720aae7b928eb 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -63,7 +63,7 @@ class UsersController < ApplicationController
      parse_oauth_referer @referer
  
      append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
      )
  
      if current_user
author	Milan Cvetkovic <mcvetkovic@microsoft.com>
	Fri, 10 May 2024 14:11:12 +0000 (14:11 +0000)
committer	Tom Hughes <tom@compton.nu>
	Fri, 10 May 2024 16:40:14 +0000 (17:40 +0100)
app/controllers/accounts_controller.rb		patch \| blob \| history
app/controllers/users_controller.rb		patch \| blob \| history