Merge remote-tracking branch 'upstream/pull/4638'

[rails.git] / app / controllers / oauth2_authorizations_controller.rb

diff --git a/app/controllers/oauth2_authorizations_controller.rb b/app/controllers/oauth2_authorizations_controller.rb
index 9c2bce2d1e1cb76a4e87d7b5537933105940e5ca..dca95de4e7a34b737906ba2dd524d1c7b2e3f49f 100644 (file)
--- a/app/controllers/oauth2_authorizations_controller.rb
+++ b/app/controllers/oauth2_authorizations_controller.rb
@@ -3,6 +3,13 @@ class Oauth2AuthorizationsController < Doorkeeper::AuthorizationsController
 
   prepend_before_action :authorize_web
   before_action :set_locale
+  before_action :allow_all_form_action, :only => [:new]
 
   authorize_resource :class => false
+
+  private
+
+  def allow_all_form_action
+    override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
+  end
 end