From 707ebddbb5da007406ae04e9a418882fc278be01 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Mon, 17 Jan 2022 09:33:28 +0000
Subject: [PATCH] Remove form_action restrictions for ouath2_authorizations#create
Fixes #3424
---
 .rubocop_todo.yml | 1 +
 app/controllers/oauth2_authorizations_controller.rb | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index b60dd5332..8c0827ab7 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -161,6 +161,7 @@ Rails/HelperInstanceVariable:
 Rails/LexicallyScopedActionFilter:
 Exclude:
 - 'app/controllers/oauth2_applications_controller.rb'
+ - 'app/controllers/oauth2_authorizations_controller.rb'
 # Offense count: 5
 # Configuration parameters: Include.
diff --git a/app/controllers/oauth2_authorizations_controller.rb b/app/controllers/oauth2_authorizations_controller.rb
index b851d19b2..54a63fc84 100644
--- a/app/controllers/oauth2_authorizations_controller.rb
+++ b/app/controllers/oauth2_authorizations_controller.rb
@@ -3,12 +3,13 @@ class Oauth2AuthorizationsController < Doorkeeper::AuthorizationsController
 prepend_before_action :authorize_web
 before_action :set_locale
+ before_action :allow_all_form_action, :only => [:new, :create]
 authorize_resource :class => false
- def new
- override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
+ private
- super
+ def allow_all_form_action
+ override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
 end
 end
--
2.39.5
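Review bot: `allow_all_form_action` clears the `form-action` directive for both `new` and `create` with no comment explaining why, and an empty source list lifts the restriction for every form on those responses, not only the authorization form. A short comment above the method would record the intent, for example `# Submitting the authorization form ends in a redirect to the client's redirect URI, so form-action cannot be limited to our own origin here.` (presumably the reason behind #3424; confirm before committing the wording). If the client's registered redirect URI is available in this controller, setting the directive to `'self'` plus that origin instead of `[]` would keep most of the protection. The diffstat lists no test file, so a controller test asserting the header on `create` under `csp_enforce` would guard against this regressing.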