id / go-sso
Commit b111e43a, authored May 06, 2020 by ale
Drop form-action from CSP
Apparently this is applied even after the redirect, so we can't use it.
parent 81b8bd24
Pipeline #6715 passed with stages in 3 minutes and 21 seconds
Showing 1 changed file with 2 additions and 2 deletions
server/http.go
...
...
@@ -30,11 +30,11 @@ import (
)
// A relatively strict CSP.
const
contentSecurityPolicy
=
"default-src 'none'; img-src 'self' data:; script-src 'self'; style-src 'self'; connect-src 'self'; frame-ancestors 'none';
form-action 'self';
base-uri 'none';"
const
contentSecurityPolicy
=
"default-src 'none'; img-src 'self' data:; script-src 'self'; style-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'none';"
// Slightly looser CSP for the logout page: it needs to load remote
// images.
const
logoutContentSecurityPolicy
=
"default-src 'none'; img-src *; script-src 'self'; style-src 'self'; connect-src *; frame-ancestors 'none';
form-action 'self';
base-uri 'none';"
const
logoutContentSecurityPolicy
=
"default-src 'none'; img-src *; script-src 'self'; style-src 'self'; connect-src *; frame-ancestors 'none'; base-uri 'none';"
// Returns the URL of the login handler on the target service.
func
serviceLoginCallback
(
service
,
destination
,
token
string
)
string
{
...
...
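Review bot: the comments above contentSecurityPolicy and logoutContentSecurityPolicy do not say why form-action is absent, and that matters because form-action does not fall back to default-src, so with this change neither page restricts where a form may submit. The reason given in the commit message (the directive is enforced on the redirect that follows the submission) should be recorded next to "// A relatively strict CSP.", otherwise a later hardening pass is likely to put form-action 'self' back and break the login flow again. If the set of service origins that serviceLoginCallback can point to is known when the response is written, it may be worth building the header with form-action 'self' plus those origins instead of dropping the directive from both constants.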