[openstreetmap/openstreetmap-website] Fix allow_thirdparty_images options (PR #5469)
Tom Hughes
notifications at github.com
Sun Jan 5 16:17:05 UTC 2025
Looks good to me, and the others should definitely be fixed as well.
I believe the `allow_all_form_action` one is related to a difference in how browsers enforce CSP for form submissions - specifically some (eg Firefox) only require that the initial URL submitted to meet the form action policy while others (eg Chrome) require any subsequent redirects to meet it as well.
Certainly the `session#new` one can lead to an eventual redirect after a successful authentication and I guess the OAuth one can as well.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5469#issuecomment-2571677242
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/pull/5469/c2571677242 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250105/4a7cb7c7/attachment.htm>
More information about the rails-dev
mailing list