From b96f3867e61dad3d7f14a0d8da01ea0cab1c83ec Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 18 May 2021 12:12:04 +0100
Subject: [PATCH 1/1] Allow OAuth 2 authorizations to redirect to anywhere

---
 app/controllers/oauth2_authorizations_controller.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/controllers/oauth2_authorizations_controller.rb b/app/controllers/oauth2_authorizations_controller.rb
index 9c2bce2d1..b851d19b2 100644
--- a/app/controllers/oauth2_authorizations_controller.rb
+++ b/app/controllers/oauth2_authorizations_controller.rb
@@ -5,4 +5,10 @@ class Oauth2AuthorizationsController < Doorkeeper::AuthorizationsController
   before_action :set_locale
 
   authorize_resource :class => false
+
+  def new
+    override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
+
+    super
+  end
 end
-- 
2.45.2