Fix form-action CSP directive for external login (#20962)

author: Claire <claire.github-309c@sitedethib.com> 2022-11-17 22:59:07 +0100
committer: GitHub <noreply@github.com> 2022-11-17 22:59:07 +0100
commit: 48e136605a30fa7ee71a656b599d91adf47b17fc (patch)
tree: d732417e28e5629a8d498461441077e0bb20e889 /app/controllers/auth/sessions_controller.rb
parent: 4ae97a2e4c4bea850c95a523e84e0424e7c18ffd (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index f9a55eb4b..afcf8b24b 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -14,6 +14,10 @@ class Auth::SessionsController < Devise::SessionsController
   before_action :set_instance_presenter, only: [:new]
   before_action :set_body_classes
 
+  content_security_policy only: :new do |p|
+    p.form_action(false)
+  end
+
   def check_suspicious!
     user = find_user
     @login_is_suspicious = suspicious_sign_in?(user) unless user.nil?
author	Claire <claire.github-309c@sitedethib.com>	2022-11-17 22:59:07 +0100
committer	GitHub <noreply@github.com>	2022-11-17 22:59:07 +0100
commit	48e136605a30fa7ee71a656b599d91adf47b17fc (patch)
tree	d732417e28e5629a8d498461441077e0bb20e889 /app/controllers/auth/sessions_controller.rb
parent	4ae97a2e4c4bea850c95a523e84e0424e7c18ffd (diff)