Allow form post to third party authentication providers

author Tom Hughes <tom@compton.nu>

Sat, 6 Feb 2021 11:06:47 +0000 (11:06 +0000)

committer Tom Hughes <tom@compton.nu>

Sat, 6 Feb 2021 11:10:14 +0000 (11:10 +0000)
author Tom Hughes <tom@compton.nu>
Sat, 6 Feb 2021 11:06:47 +0000 (11:06 +0000)
committer Tom Hughes <tom@compton.nu>
Sat, 6 Feb 2021 11:10:14 +0000 (11:10 +0000)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb

index a1129339eb71d7e0d5fe14a34f9a014a5d4b2eee..0538d04093a96fc0eba38e6a62d585edcfe79532 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -270,6 +270,10 @@ class UsersController < ApplicationController
    end
  
    def login
+    append_content_security_policy_directives(
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+    )
+
      session[:referer] = safe_referer(params[:referer]) if params[:referer]
  
      if params[:username].present? && params[:password].present?
author	Tom Hughes <tom@compton.nu>
	Sat, 6 Feb 2021 11:06:47 +0000 (11:06 +0000)
committer	Tom Hughes <tom@compton.nu>
	Sat, 6 Feb 2021 11:10:14 +0000 (11:10 +0000)