Fix CSP failures for Microsoft social sign-in

Replace login.live.com with login.microsoftonline.com in CSP allow list. The URL changed with the move from using the omniauth-windowslive plugin to the omniauth-microsoft_graph plugin but wasn't noticed until now.
2024-05-10 14:11:12 +00:00 · 2024-05-10 14:11:12 +00:00 · b07c758345
commit b07c758345
parent ef00f9a467
2 changed files with 3 additions and 3 deletions
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -17,7 +17,7 @@ class AccountsController < ApplicationController
    @tokens = current_user.oauth_tokens.authorized

    append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
    )

    if errors = session.delete(:user_errors)
@ -32,7 +32,7 @@ class AccountsController < ApplicationController
    @tokens = current_user.oauth_tokens.authorized

    append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
    )

    user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -63,7 +63,7 @@ class UsersController < ApplicationController
    parse_oauth_referer @referer

    append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
    )

    if current_user