Diffstat (limited to 'core')
-rw-r--r--core/Controller/ClientFlowLoginController.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index f049f282ce8..bffedf19224 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -196,7 +196,11 @@ class ClientFlowLoginController extends Controller {
$this->session->set(self::stateName, $stateToken);
$csp = new Http\ContentSecurityPolicy();
- $csp->addAllowedFormActionDomain('nc://*');
+ if ($client) {
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
+ } else {
+ $csp->addAllowedFormActionDomain('nc://*');
+ }
$response = new StandaloneTemplateResponse(
$this->appName,
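Review bot: The value of `$client->getRedirectUri()` is written into the `form-action` directive as-is in the new `if ($client)` branch, and nothing in the hunk shows it being checked first. A CSP source expression cannot safely carry `;`, `,` or whitespace, so a stored redirect URI containing one of them could split or extend the policy unless `addAllowedFormActionDomain()` or client registration already rejects it, which is not visible here. I would guard the branch, e.g. `if ($client && !preg_match('/[\s;,]/', $client->getRedirectUri())) {`, so that anything unexpected falls through to the existing `'nc://*'` branch. The same lines are repeated in the second hunk (`@@ -241,7 +245,11 @@`), so a small private helper that builds the policy would keep the two in step; both enclosing methods start and end outside the hunks, so where `$client` is assigned cannot be seen.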
@@ -241,7 +245,11 @@ class ClientFlowLoginController extends Controller {
}
$csp = new Http\ContentSecurityPolicy();
- $csp->addAllowedFormActionDomain('nc://*');
+ if ($client) {
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
+ } else {
+ $csp->addAllowedFormActionDomain('nc://*');
+ }
$response = new StandaloneTemplateResponse(
$this->appName,