[openstreetmap/openstreetmap-website] Fix CSP failures for Microsoft social sign-in (PR #4778)
Milan Cvetkovic
notifications at github.com
Fri May 10 16:47:16 UTC 2024
I have not been able to hit /account/update route to try it out.
> As far as I can see the live.com URLs can be removed as the new plugin doesn't reference those at all and the old one does.
It appears so, in the 2 test cases I was able to try - I am not sure how to trigger /account/update route.
Interestingly, if we get rid of the second round trip as it was suggested in #4455, but later re-introduced in [Re-introduce additional round trip for verifying auth_provider](https://github.com/openstreetmap/openstreetmap-website/pull/4455/commits/4965c19b7a8c96ab87b543af1fc36a1ad7514c09), we could remove the CSP setup in [`users_controller.rb`](https://github.com/openstreetmap/openstreetmap-website/blob/ef00f9a4674d2a0719635333cef8ac6bdc21d940/app/controllers/users_controller.rb#L65C5-L67C6) entirely:
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4778#issuecomment-2104922001
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/4778/c2104922001 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240510/5ba6ac3e/attachment.htm>
More information about the rails-dev
mailing list