[openstreetmap/openstreetmap-website] OAuth2 form-action CSP error (Issue #3424)

Tom Hughes notifications at github.com
Mon Jan 17 09:42:48 UTC 2022


I suspect that is misleading as I don't see why that would redirect to the OAuth callback.

I think it's the POST to /oauth2/authorize myself - we were allowing it on the GET which will redirect if the application is already authorized but not on the POST if the application needed to be authorized and the GET just presented a form asking for authorization.

If you're not already logged in then the GET will redirect through login first which may be causing some confusion but ultimately I don't think that can ever be what redirects to the callback.

I've just deployed my attempted fix to the test site if you want to try it...

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3424#issuecomment-1014324770