web::login: add form-data CSP rules for localhost

lafleur 2025-08-10 00:02:44 +02:00
commit a536bc4c97


@ -24,10 +24,12 @@ pub struct OidcResponse {
impl IntoResponse for OidcResponse { impl IntoResponse for OidcResponse {
fn into_response(self) -> Response<Body> { fn into_response(self) -> Response<Body> {
let content_csp = match self.nonce { let csp_src = match self.nonce {
| Some(nonce) => &format!("default-src 'nonce-{nonce}'; form-action 'self';"), | Some(nonce) => &format!("default-src 'nonce-{nonce}';"),
| None => "default-src 'none'; form-action 'self';", | None => "default-src 'none';",
}; };
let csp_form_action = "form-action 'self' http://localhost http://127.0.0.1 http://[::1];";
let content_csp = format!("{csp_src} {csp_form_action}");
let content_type = match self.body { let content_type = match self.body {
| Some(OAuthRequestBody::Json(_)) => "application/json", | Some(OAuthRequestBody::Json(_)) => "application/json",
| _ => "text/html", | _ => "text/html",