Skip to content
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

Relax form-action CSP on authorize response #659

Closed
brockallen opened this issue Jan 5, 2017 · 4 comments
Closed

Relax form-action CSP on authorize response #659

brockallen opened this issue Jan 5, 2017 · 4 comments
Assignees
@brockallen
Labels
enhancement
Milestone
1.0.1

Comments

@brockallen
Copy link
Member

brockallen commented Jan 5, 2017
edited by leastprivilege

Given the external IdP double-posting issues we found in Chrome, perhaps we should relax the form-action CSP setting.
@brockallen brockallen added this to the 1.0.1 milestone Jan 5, 2017
@brockallen brockallen self-assigned this Jan 5, 2017
brockallen added a commit that referenced this issue Jan 6, 2017
@brockallen
remove form-action from CSP #659
a8e95c8
@brockallen
Copy link
Member Author

Related: #475

@brockallen brockallen changed the title Relax form-action CSP Relax form-action CSP on authorize response Jan 6, 2017
@brockallen brockallen mentioned this issue Jan 6, 2017
Closed
@brockallen brockallen mentioned this issue Jan 6, 2017
Closed
@BobBoba
Copy link

BobBoba commented Jan 7, 2017

Fantastic! 1.0.1-build00660 works fine now, many thanks @brockallen for great job!

@xmichaelx
Copy link

xmichaelx commented Jan 25, 2017
edited

I'm adding my SO question to illustrate how issue may look like: http://stackoverflow.com/questions/41854600/identityserver-used-as-external-identity-provider-for-another-identityserver-fai/41862927

Update from 1.0.0 to 1.0.2 solved the problem for me. Thank you!

@ttugates ttugates mentioned this issue Jun 20, 2017
Closed
@lock
Copy link

lock bot commented Jan 15, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 15, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@brockallen brockallen

Labels
enhancement
Projects
None yet
Milestone
1.0.1
Development

No branches or pull requests
3 participants
@brockallen @xmichaelx @BobBoba