|
@@ -196,7 +196,11 @@ class ClientFlowLoginController extends Controller {
|
|
|
$this->session->set(self::stateName, $stateToken);
|
|
|
|
|
|
$csp = new Http\ContentSecurityPolicy();
|
|
|
- $csp->addAllowedFormActionDomain('nc://*');
|
|
|
+ if ($client) {
|
|
|
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
|
|
|
+ } else {
|
|
|
+ $csp->addAllowedFormActionDomain('nc://*');
|
|
|
+ }
|
|
|
|
|
|
$response = new StandaloneTemplateResponse(
|
|
|
$this->appName,
|
|
@@ -241,7 +245,11 @@ class ClientFlowLoginController extends Controller {
|
|
|
}
|
|
|
|
|
|
$csp = new Http\ContentSecurityPolicy();
|
|
|
- $csp->addAllowedFormActionDomain('nc://*');
|
|
|
+ if ($client) {
|
|
|
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
|
|
|
+ } else {
|
|
|
+ $csp->addAllowedFormActionDomain('nc://*');
|
|
|
+ }
|
|
|
|
|
|
$response = new StandaloneTemplateResponse(
|
|
|
$this->appName,
|