remove SetAllowedFormAction and explicitly set csp header

This commit is contained in:
Elias Schneider
2026-04-19 15:30:23 +02:00
parent d620bc6818
commit 881d3df24e
6 changed files with 94 additions and 95 deletions


@@ -100,12 +100,6 @@ func (oc *OidcController) authorizeHandler(c *gin.Context) {
return
}
// Set the allowed form-action in CSP after validation (when response_mode is form_post)
// Only set if we have a valid callback URL from the service
if input.ResponseMode == "form_post" && callbackURL != "" {
middleware.SetAllowedFormAction(c, callbackURL)
}
response := dto.AuthorizeOidcClientResponseDto{
Code: code,
CallbackURL: callbackURL,