Fix CSP failures for Microsoft social sign-in

Replace login.live.com with login.microsoftonline.com in CSP allow list.

The URL changed with the move from using the omniauth-windowslive plugin
to the omniauth-microsoft_graph plugin but wasn't noticed until now.
Milan Cvetkovic 2024-05-10 14:11:12 +00:00 committed by Tom Hughes
parent ef00f9a467
commit b07c758345
2 changed files with 3 additions and 3 deletions


@ -17,7 +17,7 @@ class AccountsController < ApplicationController
@tokens = current_user.oauth_tokens.authorized
append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
:form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
)
if errors = session.delete(:user_errors)
@ -32,7 +32,7 @@ class AccountsController < ApplicationController
@tokens = current_user.oauth_tokens.authorized
append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
:form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
)
user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
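Review bot: The `:form_action` list on what appears to be the new side still contains `login.live.com` next to the added `login.microsoftonline.com`, although the commit message says the old host is being replaced. A CSP allow list should name only the hosts the sign-in forms actually post to, so either drop the old entry, `:form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]`, or keep it and add a comment saying why it is still needed. The same applies to the second hunk in this file and to the UsersController hunk. The page has lost its +/- markers, so which line of each pair is new is inferred from the commit message, and the enclosing methods start and end outside the hunks.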


@ -63,7 +63,7 @@ class UsersController < ApplicationController
parse_oauth_referer @referer
append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
:form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
)
if current_user
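Review bot: This is the third verbatim copy of the social sign-in host list (the other two are in AccountsController), and a security allow list kept in three places can easily drift when a provider changes its endpoint. Since both controllers inherit from ApplicationController, consider one frozen constant there, e.g. `AUTH_FORM_ACTION_HOSTS = %w[...].freeze` (the name is only a suggestion), passed as `:form_action => AUTH_FORM_ACTION_HOSTS` at each call site. A controller test asserting the `form-action` directive on these pages would make any later change to the list explicit. The enclosing method begins and ends outside the hunk.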