Allow form submission to any location from the login page

This allows openid login to work on browsers like chrome that enforce the form-action rule for redirect POST requests. Fixes #3131
openstreetmap · Mar 14, 2021 · afb2220 · afb2220
1 parent 7791283
commit afb2220
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -271,7 +271,7 @@ def create
 
   def login
     append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[*]
     )
 
     session[:referer] = safe_referer(params[:referer]) if params[:referer]