cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove form_action restrictions for ouath2_authorizations#create

Browse source 
Fixes #3424
This commit is contained in:
Tom Hughes 2022-01-17 09:33:28 +00:00
parent 2a82bd1cf1
commit 707ebddbb5
2 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.rubocop_todo.yml
View file

@ -161,6 +161,7 @@ Rails/HelperInstanceVariable:
Rails/LexicallyScopedActionFilter:
Exclude:
- 'app/controllers/oauth2_applications_controller.rb'
- 'app/controllers/oauth2_authorizations_controller.rb'
# Offense count: 5
# Configuration parameters: Include.

7
app/controllers/oauth2_authorizations_controller.rb
View file

@ -3,12 +3,13 @@ class Oauth2AuthorizationsController < Doorkeeper::AuthorizationsController
prepend_before_action :authorize_web
before_action :set_locale
before_action :allow_all_form_action, :only => [:new, :create]
authorize_resource :class => false
def new
override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
private
super
def allow_all_form_action
override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
end
end