summaryrefslogtreecommitdiffstats
path: root/core/Controller/ClientFlowLoginController.php
diff options
context:
space:
mode:
authorSergej Nikolaev <kinolaev@gmail.com>2019-10-04 19:56:30 +0300
committerSergej Nikolaev <kinolaev@gmail.com>2019-10-04 21:09:13 +0300
commit1b5d85a4ca6786f2c63a38716347a0bf26f51bed (patch)
treea7d19d6a800b8ef0d58fcaa3956efea4157b74fa /core/Controller/ClientFlowLoginController.php
parentdcae3e77111c60a28efe43821fc721d0ef221596 (diff)
downloadnextcloud-server-1b5d85a4ca6786f2c63a38716347a0bf26f51bed.tar.gz
nextcloud-server-1b5d85a4ca6786f2c63a38716347a0bf26f51bed.zip
fix oauth client redirect
Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>
Diffstat (limited to 'core/Controller/ClientFlowLoginController.php')
-rw-r--r--core/Controller/ClientFlowLoginController.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index f049f282ce8..bffedf19224 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -196,7 +196,11 @@ class ClientFlowLoginController extends Controller {
$this->session->set(self::stateName, $stateToken);
$csp = new Http\ContentSecurityPolicy();
- $csp->addAllowedFormActionDomain('nc://*');
+ if ($client) {
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
+ } else {
+ $csp->addAllowedFormActionDomain('nc://*');
+ }
$response = new StandaloneTemplateResponse(
$this->appName,
@@ -241,7 +245,11 @@ class ClientFlowLoginController extends Controller {
}
$csp = new Http\ContentSecurityPolicy();
- $csp->addAllowedFormActionDomain('nc://*');
+ if ($client) {
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
+ } else {
+ $csp->addAllowedFormActionDomain('nc://*');
+ }
$response = new StandaloneTemplateResponse(
$this->appName,