From 707ebddbb5da007406ae04e9a418882fc278be01 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 17 Jan 2022 09:33:28 +0000
Subject: [PATCH] Remove form_action restrictions for
 ouath2_authorizations#create

Fixes #3424
---
 .rubocop_todo.yml                                   | 1 +
 app/controllers/oauth2_authorizations_controller.rb | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index b60dd5332..8c0827ab7 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -161,6 +161,7 @@ Rails/HelperInstanceVariable:
 Rails/LexicallyScopedActionFilter:
   Exclude:
     - 'app/controllers/oauth2_applications_controller.rb'
+    - 'app/controllers/oauth2_authorizations_controller.rb'
 
 # Offense count: 5
 # Configuration parameters: Include.
diff --git a/app/controllers/oauth2_authorizations_controller.rb b/app/controllers/oauth2_authorizations_controller.rb
index b851d19b2..54a63fc84 100644
--- a/app/controllers/oauth2_authorizations_controller.rb
+++ b/app/controllers/oauth2_authorizations_controller.rb
@@ -3,12 +3,13 @@ class Oauth2AuthorizationsController < Doorkeeper::AuthorizationsController
 
   prepend_before_action :authorize_web
   before_action :set_locale
+  before_action :allow_all_form_action, :only => [:new, :create]
 
   authorize_resource :class => false
 
-  def new
-    override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
+  private
 
-    super
+  def allow_all_form_action
+    override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
   end
 end
-- 
2.45.1