Replace login.live.com with login.microsoftonline.com in CSP allow list.
The URL changed with the move from using the omniauth-windowslive plugin
to the omniauth-microsoft_graph plugin but wasn't noticed until now.
@tokens = current_user.oauth_tokens.authorized
append_content_security_policy_directives(
@tokens = current_user.oauth_tokens.authorized
append_content_security_policy_directives(
- :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+ :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
)
if errors = session.delete(:user_errors)
)
if errors = session.delete(:user_errors)
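Review bot: The new `:form_action` list still contains `login.live.com` next to the added `login.microsoftonline.com`, so the allow list grows rather than swapping one host for the other. If no sign-in flow still submits a form to `login.live.com` after the move to omniauth-microsoft_graph, drop it so the CSP permits only origins that are in use: `:form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]`. The same literal is repeated in the two later hunks, so a single frozen constant shared by the three call sites would keep the lists from drifting apart on the next provider change. The enclosing methods start and end outside the hunks, so whether other directives are appended nearby cannot be checked from here.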
@tokens = current_user.oauth_tokens.authorized
append_content_security_policy_directives(
@tokens = current_user.oauth_tokens.authorized
append_content_security_policy_directives(
- :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+ :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
)
user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
)
user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
parse_oauth_referer @referer
append_content_security_policy_directives(
parse_oauth_referer @referer
append_content_security_policy_directives(
- :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+ :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]