From 48e136605a30fa7ee71a656b599d91adf47b17fc Mon Sep 17 00:00:00 2001 From: Claire Date: Thu, 17 Nov 2022 22:59:07 +0100 Subject: Fix form-action CSP directive for external login (#20962) --- app/controllers/auth/sessions_controller.rb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'app/controllers/auth') diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb index f9a55eb4b..afcf8b24b 100644 --- a/app/controllers/auth/sessions_controller.rb +++ b/app/controllers/auth/sessions_controller.rb @@ -14,6 +14,10 @@ class Auth::SessionsController < Devise::SessionsController before_action :set_instance_presenter, only: [:new] before_action :set_body_classes + content_security_policy only: :new do |p| + p.form_action(false) + end + def check_suspicious! user = find_user @login_is_suspicious = suspicious_sign_in?(user) unless user.nil? -- cgit