-rw-r--r--Bugzilla/CGI.pm37
1 files changed, 22 insertions, 15 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index f73fa6121..2402e997b 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -31,21 +31,28 @@ BEGIN {
*AUTOLOAD = \&CGI::AUTOLOAD;
}
-use constant DEFAULT_CSP => (
- default_src => [ 'self' ],
- script_src => [ 'self', 'unsafe-inline', 'unsafe-eval' ],
- child_src => [ 'self', ],
- img_src => [ 'self', 'https://secure.gravatar.com' ],
- style_src => [ 'self', 'unsafe-inline' ],
- object_src => [ 'none' ],
- form_action => [
- 'self',
- # used in template/en/default/search/search-google.html.tmpl
- 'https://www.google.com/search'
- ],
- frame_ancestors => [ 'none' ],
- disable => 1,
-);
+sub DEFAULT_CSP {
+ my %policy = (
+ default_src => [ 'self' ],
+ script_src => [ 'self', 'unsafe-inline', 'unsafe-eval' ],
+ child_src => [ 'self', ],
+ img_src => [ 'self', 'https://secure.gravatar.com' ],
+ style_src => [ 'self', 'unsafe-inline' ],
+ object_src => [ 'none' ],
+ form_action => [
+ 'self',
+ # used in template/en/default/search/search-google.html.tmpl
+ 'https://www.google.com/search'
+ ],
+ frame_ancestors => [ 'none' ],
+ disable => 1,
+ );
+ if (Bugzilla->params->{github_client_id} && !Bugzilla->user->id) {
+ push @{$policy{form_action}}, 'https://github.com/login/oauth/authorize', 'https://github.com/login';
+ }
+
+ return %policy;
+}
# Because show_bug code lives in many different .cgi files,
# we needed a centralized place to define the policy.
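Review bot: The `push` onto `$policy{form_action}` has no comment saying why two GitHub URLs are allowed or why only for logged-out users, while the Google entry just above it names the template that needs it. Because `Bugzilla->user->id` is read each time the sub runs, a call made before authentication has finished would presumably see an anonymous user and add the GitHub targets for that request regardless of who is really logged in. The callers are outside this hunk, so that ordering should be confirmed. I would add above the `if`: `# GitHub OAuth login form targets; only needed while logged out. Call after authentication so Bugzilla->user is final.` The carried-over `disable => 1` is not changed here, but if it means what its name suggests, this `form_action` list only takes effect where a caller overrides it.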