[openstreetmap/openstreetmap-website] OAuth2 form-action CSP error (Issue #3424)

Robbendebiene notifications at github.com
Mon Jan 17 12:31:25 UTC 2022


Thank you! Everything works as expected now :)
(tested on Android/Chrome and iOS/Safari)

Just out of curiosity, couldn't you tighten the form-action CSP so it only or additionally allows the defined OAuth2 redirect URI?
I believe this is what they did on Nextcloud: https://github.com/nextcloud/server/pull/17411/commits/1b5d85a4ca6786f2c63a38716347a0bf26f51bed
But I might be wrong or maybe it breaks something else...

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3424#issuecomment-1014471204
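
The suggestion in the message above, sketched as an added example (not code from openstreetmap-website or Nextcloud): derive a single `form-action` source from the OAuth2 client's registered redirect URI and emit it next to `'self'` on the authorization page. The helper names, the blocked-scheme list and the sample URIs are assumptions made for illustration.

```ruby
require "uri"

DEFAULT_PORTS = { "http" => 80, "https" => 443 }.freeze
# Schemes never emitted as a form target (assumed policy for this sketch).
BLOCKED_SCHEMES = %w[javascript data blob file urn].freeze

# Turn one registered redirect URI into a CSP source expression, or nil
# when it cannot be expressed safely. Only scheme, host and port are used,
# so nothing from the path or query can reach the header.
def csp_source_for(redirect_uri)
  uri = URI.parse(redirect_uri)
  scheme = uri.scheme.to_s.downcase
  return nil unless scheme.match?(/\A[a-z][a-z0-9+.\-]*\z/)
  return nil if BLOCKED_SCHEMES.include?(scheme)

  if DEFAULT_PORTS.key?(scheme)
    host = uri.host.to_s.downcase
    return nil unless host.match?(/\A[a-z0-9.\-]+\z/)
    port = uri.port == DEFAULT_PORTS[scheme] ? "" : ":#{uri.port}"
    "#{scheme}://#{host}#{port}"
  else
    # Custom app scheme (native mobile client): CSP scheme-source form.
    "#{scheme}:"
  end
rescue URI::InvalidURIError
  nil # unparsable input adds no source
end

# Directive for the authorization page: the form posts to 'self', then the
# server redirects to the client's redirect URI.
def form_action_directive(redirect_uri)
  sources = ["'self'", csp_source_for(redirect_uri)].compact
  "form-action #{sources.join(' ')}"
end
```

A scheme-source such as `com.example.app:` permits any URL under that scheme, so it is narrower than a wildcard but not pinned to one exact redirect URI.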


More information about the rails-dev mailing list