Fix CSP failures for Microsoft social sign-in
Replace login.live.com with login.microsoftonline.com in CSP allow list. The URL changed with the move from using the omniauth-windowslive plugin to the omniauth-microsoft_graph plugin but wasn't noticed until now.
parent
ef00f9a467
commit
b07c758345
2 changed files with 3 additions and 3 deletions
|
@ -17,7 +17,7 @@ class AccountsController < ApplicationController
|
|||
@tokens = current_user.oauth_tokens.authorized
|
||||
|
||||
append_content_security_policy_directives(
|
||||
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
|
||||
:form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
|
||||
)
|
||||
|
||||
if errors = session.delete(:user_errors)
|
||||
|
@ -32,7 +32,7 @@ class AccountsController < ApplicationController
|
|||
@tokens = current_user.oauth_tokens.authorized
|
||||
|
||||
append_content_security_policy_directives(
|
||||
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
|
||||
:form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
|
||||
)
|
||||
|
||||
user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
|
||||
|
|
|
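Review bot: The `form_action` list that contains `login.microsoftonline.com` still carries `login.live.com`, although the description says the old host is being replaced. I take that longer line to be the new side, since the +/- markers did not survive rendering. If nothing still posts to the old sign-in endpoint, keeping it widens the form-action allow list for no benefit; the line could read `:form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]`. The same applies to the first hunk in this controller and to the hunk in UsersController. The enclosing actions start and end outside the hunks, so whether another code path still needs the old host cannot be confirmed from here.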
@ -63,7 +63,7 @@ class UsersController < ApplicationController
|
|||
parse_oauth_referer @referer
|
||||
|
||||
append_content_security_policy_directives(
|
||||
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
|
||||
:form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
|
||||
)
|
||||
|
||||
if current_user
|
||||
|
|
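Review bot: This is the third copy of the same host array, after the two in AccountsController, and keeping three literals in step by hand is presumably how the provider change went unnoticed in the CSP. A single frozen constant on the shared ancestor, for example `OAUTH_FORM_ACTION_HOSTS = %w[...].freeze` in ApplicationController, referenced from all three `append_content_security_policy_directives` calls, would keep the allow list in one reviewable place. A short comment above it saying that each entry is a sign-in provider's form-post target would make the next provider swap harder to miss.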