From 13320e64a942853b1f9ffa8bd181f13491a7817e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?=
Date: Fri, 12 Oct 2018 10:11:51 +0200
Subject: [PATCH] Set form-action for SAML Discovery Protocol URL (#1478)
---
 .../lib/Lemonldap/NG/Portal/Main/Run.pm | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
index 95f10aff5..d3e8d0498 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@@ -754,6 +754,17 @@ sub sendHtml {
 "Set CSP form-action with request URL: " . $req->{cspFormAction} );
 $csp .= " " . $req->{cspFormAction};
 }
+
+ # Set SAML Discovery Protocol in form-action
+ # See https://github.com/w3c/webappsec-csp/issues/8
+ if ( $self->conf->{samlDiscoveryProtocolActivation}
+ and defined $self->conf->{samlDiscoveryProtocolURL} )
+ {
+ $self->logger->debug(
+ "Add SAML Discovery Protocol URL in CSP form-action");
+
+ $csp .= " " . $self->conf->{samlDiscoveryProtocolURL};
+ }
 $csp .= ';';
 # Deny using portal in frame except if it is required
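Review bot: The added block appends `samlDiscoveryProtocolURL` to the `form-action` source list exactly as configured, so a value containing `;` or whitespace would change the shape of the policy, and a value with a query string would likely not be a valid source expression and be ignored by browsers; `defined` also lets an empty string through. Reducing the value to its origin before appending keeps the header well-formed, e.g. `my ($origin) = $self->conf->{samlDiscoveryProtocolURL} =~ m{\A(https?://[^/\s;,]+)};` followed by `$csp .= " $origin" if $origin;`. As written the extra source is added to every response built by this branch whenever discovery is activated, which appears broader than the pages that actually post to the discovery service, so a comment stating why it is global would help. `sendHtml` begins and ends outside the hunk, so how `$csp` is finally emitted is not visible here.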