fix: use configured binding on SAML IDPs and make sure CSP doesn't block POST binding (#7341)

fix: use configured binding on SAML IDPs and make sure CSP doesn't block POST binding
2025-08-12 01:47:33 +00:00 · 2024-02-05 15:45:15 +01:00
parent c081f72d85
commit 7f7fb55f34
2 changed files with 4 additions and 1 deletions
--- a/internal/api/ui/login/login.go
+++ b/internal/api/ui/login/login.go
@@ -105,7 +105,7 @@ func csp() *middleware.CSP {
 	csp := middleware.DefaultSCP
 	csp.ObjectSrc = middleware.CSPSourceOptsSelf()
 	csp.StyleSrc = csp.StyleSrc.AddNonce()
-	csp.ScriptSrc = csp.ScriptSrc.AddNonce()
+	csp.ScriptSrc = csp.ScriptSrc.AddNonce().AddHash("sha256", "AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=")
 	return &csp
 }