cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow redirects to authentication services from the settings page

Browse source 
Chrome and Safari require redirects to match the form-action rule
as well as the original submission address.
This commit is contained in:
Tom Hughes 2020-10-29 21:25:47 +00:00
parent 484cb3f415
commit 20ce10a9ef
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/users_controller.rb
View file

@ -119,6 +119,10 @@ class UsersController < ApplicationController
def account def account
@tokens = current_user.oauth_tokens.authorized @tokens = current_user.oauth_tokens.authorized
append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
)
if params[:user] && params[:user][:display_name] && params[:user][:description] if params[:user] && params[:user][:display_name] && params[:user][:description]
if params[:user][:auth_provider].blank? || if params[:user][:auth_provider].blank? ||
(params[:user][:auth_provider] == current_user.auth_provider && (params[:user][:auth_provider] == current_user.auth_provider &&