Avoid CSP issues with OpenID login
To avoid Chrom getting upset about sending form data to sites that our policy doesn't allow, even when it isn't, use Javascript to jump straight to Omniauth as the direct OpenID based login buttons were already doing. Fixes #1909
This commit is contained in:
Tom Hughes
parent
e5c5210896
commit
d2ff1491b4
4 changed files with 26 additions and 49 deletions
|
|
@ -40,6 +40,13 @@
|
|||
<%= submit_tag t('.login_button'), :tabindex => 4 %>
|
||||
</fieldset>
|
||||
|
||||
</div>
|
||||
|
||||
<% end %>
|
||||
|
||||
<%= form_tag(auth_path(:provider => "openid"), { :id => "openid_login_form" }) do %>
|
||||
<div id="loginForm" class="standard-form">
|
||||
|
||||
<fieldset class='form-divider'>
|
||||
|
||||
<p class='standard-label'><%= t '.with external' %></p>
|
||||
|
|
@ -68,15 +75,11 @@
|
|||
|
||||
<div id='login_openid_url' class='form-row'>
|
||||
<label for='openid_url' class="standard-label"><%= raw t '.openid', :logo => openid_logo %></label>
|
||||
<%= hidden_field_tag("openid_referer", params[:referer]) if params[:referer] %>
|
||||
<%= text_field_tag("openid_url", "", { :tabindex => 3, :class => "openid_url" }) %>
|
||||
<span class="minorNote">(<a href="<%= t 'users.account.openid.link' %>" target="_new"><%= t 'users.account.openid.link text' %></a>)</span>
|
||||
</div>
|
||||
|
||||
<div class='form-row'>
|
||||
<%= check_box_tag "remember_me_openid", "yes", false, :tabindex => 5 %>
|
||||
<label class="standard-label" for="remember_me_openid"><%= t '.remember' %></label>
|
||||
</div>
|
||||
|
||||
<%= submit_tag t('.login_button'), :tabindex => 6, :id => "login_openid_submit" %>
|
||||
|
||||
</fieldset>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue