Skip to content

Commit

Permalink
Really remove login.live.com from CSP allow list
Browse files Browse the repository at this point in the history
  • Loading branch information
@tomhughes
tomhughes committed May 10, 2024
1 parent bac40c9 commit ebb1fba
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions app/controllers/accounts_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ def edit
@tokens = current_user.oauth_tokens.authorized

append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
:form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]
)

if errors = session.delete(:user_errors)
Expand All @@ -32,7 +32,7 @@ def update
@tokens = current_user.oauth_tokens.authorized

append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
:form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]
)

user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
Expand Down
2 changes: 1 addition & 1 deletion app/controllers/users_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ def new
parse_oauth_referer @referer

append_content_security_policy_directives(
:form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
:form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]
)

if current_user
Expand Down

0 comments on commit ebb1fba

Please sign in to comment.