[openstreetmap/openstreetmap-website] Fix CSP failures for Microsoft social sign-in (PR #4778)
Milan Cvetkovic
notifications at github.com
Fri May 10 16:04:58 UTC 2024
Add login.microsoftonline.com to CSP allow list for `/account/new`, `/account/edit` and `/users/new`
To reproduce:
`/account/edit`
- Login as existing user
- go to "My Settings"
- change "External Authentication" to Microsoft
- click "Save Changes"
- Page fails to load due to CSP violation
`/account/update` ?
`/users/new`
- Login to https://login.live.com with your existing MS account
- navigate to https://www.openstreetmap.com/login
- click on Microsoft Icon to use social account
- on `/user/new` page click "Sign up"
- Page fails to load due to CSP violation
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/4778
-- Commit Summary --
* Fix CSP failures for Microsoft social sign-in
-- File Changes --
M app/controllers/accounts_controller.rb (4)
M app/controllers/users_controller.rb (2)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/4778.patch
https://github.com/openstreetmap/openstreetmap-website/pull/4778.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4778
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/4778 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240510/321d7b35/attachment.htm>
More information about the rails-dev
mailing list