SSO: add CSP policy 'form_action: *'

The OAuth2 workflow demands that a POST request be made back to the
requesting application. That request is currently blocked by CSP.

src/core/views/sso.py

@@ -2,6 +2,7 @@ import calendar
 import json
 import logging
 
+from csp.decorators import csp_update
 from oauth2_provider.models import get_access_token_model
 from oauth2_provider.views import AuthorizationView, ClientProtectedScopedResourceView
 
@@ -24,12 +25,14 @@ class SelectedConferenceContextMixin:
         return ctx
 
 
+@method_decorator(csp_update(form_action='*'), name='dispatch')
 class OutOfBandDisplayTokenView(SelectedConferenceContextMixin, TemplateView):
     template_name = 'oauth2_provider/out-of-band-display-token.html'
 
 
+@method_decorator(csp_update(form_action='*'), name='dispatch')
 class AuthorizeView(SelectedConferenceContextMixin, AuthorizationView):
-    pass
+    template_name = 'oauth2_provider/authorize.html'
 
 
 @method_decorator(csrf_exempt, name='dispatch')