]> git.openstreetmap.org Git - rails.git/commitdiff
projects / rails.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bac40c9)
Really remove login.live.com from CSP allow list
authorTom Hughes <tom@compton.nu>
Fri, 10 May 2024 16:55:11 +0000 (17:55 +0100)
committerTom Hughes <tom@compton.nu>
Fri, 10 May 2024 16:55:11 +0000 (17:55 +0100)
app/controllers/accounts_controller.rb patch | blob | history
app/controllers/users_controller.rb patch | blob | history

diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 1f1cc577af3b0f0fd1e5a02ccedeb445908f4238..6b47ca6660d1ee200691f05b0443178eb1d54997 100644 (file)
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -17,7 +17,7 @@ class AccountsController < ApplicationController
     @tokens = current_user.oauth_tokens.authorized
 
     append_content_security_policy_directives(
     @tokens = current_user.oauth_tokens.authorized
 
     append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]
     )
 
     if errors = session.delete(:user_errors)
     )
 
     if errors = session.delete(:user_errors)
@@ -32,7 +32,7 @@ class AccountsController < ApplicationController
     @tokens = current_user.oauth_tokens.authorized
 
     append_content_security_policy_directives(
     @tokens = current_user.oauth_tokens.authorized
 
     append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]
     )
 
     user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
     )
 
     user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 417991292e9414bfdea1edac2e4720aae7b928eb..2cdec642d33ed8a4876defd7f53100b97b1d18f6 100644 (file)
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -63,7 +63,7 @@ class UsersController < ApplicationController
     parse_oauth_referer @referer
 
     append_content_security_policy_directives(
     parse_oauth_referer @referer
 
     append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com login.microsoftonline.com github.com meta.wikimedia.org]
+      :form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]
     )
 
     if current_user
     )
 
     if current_user
The OpenStreetMap web site