From: Tom Hughes <tom@compton.nu>
Date: Sun, 14 Mar 2021 10:18:32 +0000 (+0000)
Subject: Allow form submission to any location from the login page
X-Git-Tag: live~2619
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/afb22209bfcf67534b651923ceaacb8881d21933

Allow form submission to any location from the login page

This allows openid login to work on browsers like chrome that enforce
the form-action rule for redirect POST requests.

Fixes #3131
---

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index cc8f46d23..6aa98f7ee 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -271,7 +271,7 @@ class UsersController < ApplicationController
 
   def login
     append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+      :form_action => %w[*]
     )
 
     session[:referer] = safe_referer(params[:referer]) if params[:referer]