diff options
| author | Sergej Nikolaev <kinolaev@gmail.com> | 2019-10-04 19:56:30 +0300 |
|---|---|---|
| committer | Sergej Nikolaev <kinolaev@gmail.com> | 2019-10-04 21:09:13 +0300 |
| commit | 1b5d85a4ca6786f2c63a38716347a0bf26f51bed (patch) | |
| tree | a7d19d6a800b8ef0d58fcaa3956efea4157b74fa /core/Controller | |
| parent | dcae3e77111c60a28efe43821fc721d0ef221596 (diff) | |
| download | nextcloud-server-1b5d85a4ca6786f2c63a38716347a0bf26f51bed.tar.gz nextcloud-server-1b5d85a4ca6786f2c63a38716347a0bf26f51bed.zip | |
fix oauth client redirect
Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>
Diffstat (limited to 'core/Controller')
| -rw-r--r-- | core/Controller/ClientFlowLoginController.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php index f049f282ce8..bffedf19224 100644 --- a/core/Controller/ClientFlowLoginController.php +++ b/core/Controller/ClientFlowLoginController.php @@ -196,7 +196,11 @@ class ClientFlowLoginController extends Controller { $this->session->set(self::stateName, $stateToken); $csp = new Http\ContentSecurityPolicy(); - $csp->addAllowedFormActionDomain('nc://*'); + if ($client) { + $csp->addAllowedFormActionDomain($client->getRedirectUri()); + } else { + $csp->addAllowedFormActionDomain('nc://*'); + } $response = new StandaloneTemplateResponse( $this->appName, @@ -241,7 +245,11 @@ class ClientFlowLoginController extends Controller { } $csp = new Http\ContentSecurityPolicy(); - $csp->addAllowedFormActionDomain('nc://*'); + if ($client) { + $csp->addAllowedFormActionDomain($client->getRedirectUri()); + } else { + $csp->addAllowedFormActionDomain('nc://*'); + } $response = new StandaloneTemplateResponse( $this->appName, |