Allow to add URLs in CSP from-action from the request object (#1480)

2018-08-28 18:22:55 +02:00 · 2018-08-28 18:22:55 +02:00 · 46702f3a62
commit 46702f3a62
parent 5beb432750
2 changed files with 6 additions and 0 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/Choice.pm
@ -177,6 +177,7 @@ sub _buildAuthLoop {
                        $req->env->{'REQUEST_URI'} ) )
                {
                    $url .= $req->env->{'REQUEST_URI'};
+                    $req->{cspFormAction} .= " $url";
                }
                else {
                    $url .= '#';
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@ -738,6 +738,11 @@ sub sendHtml {
            $csp .= " $url";
        }
    }
+    if ( defined $req->{cspFormAction} ) {
+        $self->logger->debug(
+            "Set CSP form-action with request URL: " . $req->{cspFormAction} );
+        $csp .= " " . $req->{cspFormAction};
+    }
    $csp .= ';';

    # Deny using portal in frame except if it is required