Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857)

Browse source
This commit is contained in:
CSDUMMI 2023-09-12 13:04:51 +02:00 committed by GitHub
parent 93223633fc
commit 9a70cac9de
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/serializers/initial_state_serializer.rb
View file

@ -113,6 +113,6 @@ class InitialStateSerializer < ActiveModel::Serializer
end
def sso_redirect
"/auth/auth/#{Devise.omniauth_providers[0]}" if ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1
"/auth/auth/#{Devise.omniauth_providers[0]}" if ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1
end
end