Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857)

Browse source
This commit is contained in:
CSDUMMI 2023-09-12 13:04:51 +02:00 committed by GitHub
parent 93223633fc
commit 9a70cac9de
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/concerns/web_app_controller_concern.rb
View file

@ -11,7 +11,7 @@ module WebAppControllerConcern
end
def skip_csrf_meta_tags?
!(ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1) && current_user.nil?
!(ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1) && current_user.nil?
end
def set_app_body_class