1
0
mirror of https://github.com/mastodon/mastodon synced 2024-12-13 22:28:23 +09:00
mastodon/app/controllers/oauth/authorizations_controller.rb
Claire e26dd2ea8f
Add form-action CSP directive (#23478)
* Add form-action CSP directive (#20781)

* Fix OAuth flow being broken by recent CSP change (#20958)

* Fix form-action CSP directive for external login (#20962)
2023-02-09 20:56:37 +01:00

40 lines
926 B
Ruby

# frozen_string_literal: true
class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
skip_before_action :authenticate_resource_owner!
before_action :store_current_location
before_action :authenticate_resource_owner!
before_action :set_cache_headers
content_security_policy do |p|
p.form_action(false)
end
include Localized
private
def store_current_location
store_location_for(:user, request.url)
end
def render_success
if skip_authorization? || (matching_token? && !truthy_param?('force_login'))
redirect_or_render authorize_response
elsif Doorkeeper.configuration.api_only
render json: pre_auth
else
render :new
end
end
def truthy_param?(key)
ActiveModel::Type::Boolean.new.cast(params[key])
end
def set_cache_headers
response.headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
end
end