IntenseFinance/firefly-iii
3
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-02-25 18:45:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Ignore form action when doing oAuth2.

Browse Source
This commit is contained in:
James Cole 2019-01-27 17:15:40 +01:00
parent cec8210d8b
commit 20b458f35d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Http/Middleware/SecureHeaders.php
View File

@ -54,12 +54,15 @@ class SecureHeaders
sprintf("script-src 'self' 'unsafe-eval' 'unsafe-inline' %s", $google), sprintf("script-src 'self' 'unsafe-eval' 'unsafe-inline' %s", $google),
"style-src 'self' 'unsafe-inline'", "style-src 'self' 'unsafe-inline'",
"base-uri 'self'", "base-uri 'self'",
"form-action 'self'",
"font-src 'self'", "font-src 'self'",
"connect-src 'self'", "connect-src 'self'",
"img-src 'self' data: https://api.tiles.mapbox.com", "img-src 'self' data: https://api.tiles.mapbox.com",
"manifest-src 'self'", "manifest-src 'self'",
]; ];
$route = $request->route()->uri;
if($route !== 'oauth/authorize') {
$csp[] = "form-action 'self'";
}
$featurePolicies = [ $featurePolicies = [
"geolocation 'none'", "geolocation 'none'",