Allow form submission to any location from the login page

This allows openid login to work on browsers like chrome that enforce
the form-action rule for redirect POST requests.

Fixes #3131

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index cc8f46d23cb8212479d75d98f38b76443945e7fb..6aa98f7ee508b1a083132b567b5305d07aedeaa3 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -271,7 +271,7 @@ class UsersController < ApplicationController
 
   def login
     append_content_security_policy_directives(
 
   def login
     append_content_security_policy_directives(

-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[*]

     )
 
     session[:referer] = safe_referer(params[:referer]) if params[:referer]
     )
 
     session[:referer] = safe_referer(params[:referer]) if params[:referer]