From afb22209bfcf67534b651923ceaacb8881d21933 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Sun, 14 Mar 2021 10:18:32 +0000 Subject: [PATCH] Allow form submission to any location from the login page This allows openid login to work on browsers like chrome that enforce the form-action rule for redirect POST requests. Fixes #3131 --- app/controllers/users_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index cc8f46d23..6aa98f7ee 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -271,7 +271,7 @@ class UsersController < ApplicationController def login append_content_security_policy_directives( - :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org] + :form_action => %w[*] ) session[:referer] = safe_referer(params[:referer]) if params[:referer] -- 2.39.5