Merge branch 'fix/sso' into 'develop'

SSO: add CSP policy 'form_action: *' See merge request hub/hub!1105

Merge branch 'fix/sso' into 'develop'
a97774bc · HeJ · 6c71c571 · e9b314b2 · a97774bc
Commit a97774bc authored 5 months ago by HeJ
--- a/src/core/views/sso.py
+++ b/src/core/views/sso.py
@@ -2,6 +2,7 @@ import calendar
 import json
 import logging
+from csp.decorators import csp_update
 from oauth2_provider.models import get_access_token_model
 from oauth2_provider.views import AuthorizationView, ClientProtectedScopedResourceView
@@ -24,12 +25,14 @@ class SelectedConferenceContextMixin:
        return ctx
+@method_decorator(csp_update(form_action='*'), name='dispatch')
 class OutOfBandDisplayTokenView(SelectedConferenceContextMixin, TemplateView):
    template_name = 'oauth2_provider/out-of-band-display-token.html'
+@method_decorator(csp_update(form_action='*'), name='dispatch')
 class AuthorizeView(SelectedConferenceContextMixin, AuthorizationView):
-    pass
+    template_name = 'oauth2_provider/authorize.html'
 @method_decorator(csrf_exempt, name='dispatch')