author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2019-10-07 12:03:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-07 12:03:52 +0200 |
commit | a02a6266061c230faf0fc1ac171df23aa554fd6a (patch) | |
tree | 959ad47da375726522ce0039afbf363829033865 /core | |
parent | 049628a3f53f3e5e6fe4111b5e28fa90d1a95dd9 (diff) | |
parent | 1b5d85a4ca6786f2c63a38716347a0bf26f51bed (diff) | |
download | nextcloud-server-a02a6266061c230faf0fc1ac171df23aa554fd6a.tar.gz nextcloud-server-a02a6266061c230faf0fc1ac171df23aa554fd6a.zip |
Merge pull request #17411 from kinolaev/fix-oauth2-redirect
Fix oauth client redirect
Diffstat (limited to 'core')
-rw-r--r-- | core/Controller/ClientFlowLoginController.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index f049f282ce8..bffedf19224 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -196,7 +196,11 @@ class ClientFlowLoginController extends Controller {
 $this->session->set(self::stateName, $stateToken);
 $csp = new Http\ContentSecurityPolicy();
- $csp->addAllowedFormActionDomain('nc://*');
+ if ($client) {
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
+ } else {
+ $csp->addAllowedFormActionDomain('nc://*');
+ }
 $response = new StandaloneTemplateResponse(
 $this->appName,
@@ -241,7 +245,11 @@ class ClientFlowLoginController extends Controller {
 }
 $csp = new Http\ContentSecurityPolicy();
- $csp->addAllowedFormActionDomain('nc://*');
+ if ($client) {
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
+ } else {
+ $csp->addAllowedFormActionDomain('nc://*');
+ }
 $response = new StandaloneTemplateResponse(
 $this->appName, |
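Review bot: The stored redirect URI is passed verbatim to `addAllowedFormActionDomain()` in the new `if ($client)` branch, with no visible check that it is a valid CSP source expression; the same lines are added again in the second hunk (`@@ -241,7 +245,11`). Whether the policy class validates its argument is not visible here; if it does not, a URI containing `;`, `,` or whitespace would terminate or widen the `form-action` directive, and one carrying a query string would likely never match, so the redirect would be blocked. I would move both copies into one private helper that checks the URI for those characters before adding it, and document there why the whole URI rather than only its scheme and host is allowed. The guard would also read more precisely as `if ($client !== null) {`, assuming `$client` is null when no OAuth client matches. The assignment of `$client` and the rest of both methods lie outside the hunks.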