Merge pull request #16711 from nextcloud/fix/csp/form_actions/loginflow
Fix login flow form actions
commit
fced73aa37
|
@ -195,7 +195,10 @@ class ClientFlowLoginController extends Controller {
|
||||||
);
|
);
|
||||||
$this->session->set(self::stateName, $stateToken);
|
$this->session->set(self::stateName, $stateToken);
|
||||||
|
|
||||||
return new StandaloneTemplateResponse(
|
$csp = new Http\ContentSecurityPolicy();
|
||||||
|
$csp->addAllowedFormActionDomain('nc://*');
|
||||||
|
|
||||||
|
$response = new StandaloneTemplateResponse(
|
||||||
$this->appName,
|
$this->appName,
|
||||||
'loginflow/authpicker',
|
'loginflow/authpicker',
|
||||||
[
|
[
|
||||||
|
@ -209,6 +212,9 @@ class ClientFlowLoginController extends Controller {
|
||||||
],
|
],
|
||||||
'guest'
|
'guest'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$response->setContentSecurityPolicy($csp);
|
||||||
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -234,7 +240,10 @@ class ClientFlowLoginController extends Controller {
|
||||||
$clientName = $client->getName();
|
$clientName = $client->getName();
|
||||||
}
|
}
|
||||||
|
|
||||||
return new StandaloneTemplateResponse(
|
$csp = new Http\ContentSecurityPolicy();
|
||||||
|
$csp->addAllowedFormActionDomain('nc://*');
|
||||||
|
|
||||||
|
$response = new StandaloneTemplateResponse(
|
||||||
$this->appName,
|
$this->appName,
|
||||||
'loginflow/grant',
|
'loginflow/grant',
|
||||||
[
|
[
|
||||||
|
@ -248,6 +257,9 @@ class ClientFlowLoginController extends Controller {
|
||||||
],
|
],
|
||||||
'guest'
|
'guest'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$response->setContentSecurityPolicy($csp);
|
||||||
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
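Review bot: The new policy on both pages adds only `nc://*` as a form-action source, but the grant-page hunk also resolves an OAuth client (`$client->getName()`), and the visible lines do not show where that flow redirects. If it ends at the client's registered redirect URI rather than an `nc://` URL, browsers that apply `form-action` to redirects would still block it. In that case the source should be chosen per flow, e.g. `$csp->addAllowedFormActionDomain($client->getRedirectUri());` when a client is set (assuming the client entity exposes the URI that way) and `nc://*` otherwise. A short comment above the call would also help, such as `// login flow ends in a redirect to the client's nc:// scheme; form-action must allow it`. Both method bodies start outside the visible hunks, so this rests only on the lines shown.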
|
@ -186,6 +186,9 @@ class ClientFlowLoginControllerTest extends TestCase {
|
||||||
],
|
],
|
||||||
'guest'
|
'guest'
|
||||||
);
|
);
|
||||||
|
$csp = new Http\ContentSecurityPolicy();
|
||||||
|
$csp->addAllowedFormActionDomain('nc://*');
|
||||||
|
$expected->setContentSecurityPolicy($csp);
|
||||||
$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage());
|
$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -245,6 +248,9 @@ class ClientFlowLoginControllerTest extends TestCase {
|
||||||
],
|
],
|
||||||
'guest'
|
'guest'
|
||||||
);
|
);
|
||||||
|
$csp = new Http\ContentSecurityPolicy();
|
||||||
|
$csp->addAllowedFormActionDomain('nc://*');
|
||||||
|
$expected->setContentSecurityPolicy($csp);
|
||||||
$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier'));
|
$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
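Review bot: Both updated expectations call `showAuthPickerPage()`, and nothing visible asserts the policy on the `loginflow/grant` response, which received the same change in the controller. A test for that page should build the expected response the same way and call `$expected->setContentSecurityPolicy($csp);` before its `assertEquals`, so a later refactor cannot silently drop the header from the grant step. Other tests may exist outside these hunks, and the test method bodies start above the visible lines.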