techhub/mastodon
2
0
Fork 0
Code Activity

Fix #26849 by adding the domain of the current SSO provider to the form-action CSP (#26857)

Browse Source
This commit is contained in:
CSDUMMI
2023-09-12 13:04:51 +02:00
committed by GitHub
parent 93223633fc
commit 9a70cac9de
3 changed files with 25 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/concerns/web_app_controller_concern.rb
View File

@@ -11,7 +11,7 @@ module WebAppControllerConcern
end
def skip_csrf_meta_tags?
!(ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1) && current_user.nil?
!(ENV['ONE_CLICK_SSO_LOGIN'] == 'true' && ENV['OMNIAUTH_ONLY'] == 'true' && Devise.omniauth_providers.length == 1) && current_user.nil?
end
def set_app_body_class