Remove form_action restrictions for ouath2_authorizations#create

Fixes #3424
openstreetmap · Jan 17, 2022 · 707ebdd · 707ebdd
1 parent 2a82bd1
commit 707ebdd
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -161,6 +161,7 @@ Rails/HelperInstanceVariable:
 Rails/LexicallyScopedActionFilter:
   Exclude:
     - 'app/controllers/oauth2_applications_controller.rb'
+    - 'app/controllers/oauth2_authorizations_controller.rb'
 
 # Offense count: 5
 # Configuration parameters: Include.

diff --git a/app/controllers/oauth2_authorizations_controller.rb b/app/controllers/oauth2_authorizations_controller.rb
@@ -3,12 +3,13 @@ class Oauth2AuthorizationsController < Doorkeeper::AuthorizationsController
 
   prepend_before_action :authorize_web
   before_action :set_locale
+  before_action :allow_all_form_action, :only => [:new, :create]
 
   authorize_resource :class => false
 
-  def new
-    override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
+  private
 
-    super
+  def allow_all_form_action
+    override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
   end
 end