diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php index f049f282ce8a9..bffedf1922473 100644 --- a/core/Controller/ClientFlowLoginController.php +++ b/core/Controller/ClientFlowLoginController.php @@ -196,7 +196,11 @@ public function showAuthPickerPage($clientIdentifier = '') { $this->session->set(self::stateName, $stateToken); $csp = new Http\ContentSecurityPolicy(); - $csp->addAllowedFormActionDomain('nc://*'); + if ($client) { + $csp->addAllowedFormActionDomain($client->getRedirectUri()); + } else { + $csp->addAllowedFormActionDomain('nc://*'); + } $response = new StandaloneTemplateResponse( $this->appName, @@ -241,7 +245,11 @@ public function grantPage($stateToken = '', } $csp = new Http\ContentSecurityPolicy(); - $csp->addAllowedFormActionDomain('nc://*'); + if ($client) { + $csp->addAllowedFormActionDomain($client->getRedirectUri()); + } else { + $csp->addAllowedFormActionDomain('nc://*'); + } $response = new StandaloneTemplateResponse( $this->appName, diff --git a/tests/Core/Controller/ClientFlowLoginControllerTest.php b/tests/Core/Controller/ClientFlowLoginControllerTest.php index f35b616a68eda..50280e18371f3 100644 --- a/tests/Core/Controller/ClientFlowLoginControllerTest.php +++ b/tests/Core/Controller/ClientFlowLoginControllerTest.php @@ -200,6 +200,7 @@ public function testShowAuthPickerPageWithOauth() { ->willReturn('Mac OS X Sync Client'); $client = new Client(); $client->setName('My external service'); + $client->setRedirectUri('https://example.com/redirect.php'); $this->clientMapper ->expects($this->once()) ->method('getByIdentifier') @@ -249,7 +250,7 @@ public function testShowAuthPickerPageWithOauth() { 'guest' ); $csp = new Http\ContentSecurityPolicy(); - $csp->addAllowedFormActionDomain('nc://*'); + $csp->addAllowedFormActionDomain('https://example.com/redirect.php'); $expected->setContentSecurityPolicy($csp); $this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier')); }