From 904ab0db5b1e6ffe7eac8f92eb080d20f00be213 Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Mon, 5 Feb 2024 15:45:15 +0100
Subject: [PATCH] fix: use configured binding on SAML IDPs and make sure CSP doesn't block POST binding (#7341)

fix: use configured binding on SAML IDPs and make sure CSP doesn't block POST binding

(cherry picked from commit 7f7fb55f34e4c67f0ce8d18e9bf9a2265a363470)
---
 internal/api/ui/login/login.go | 2 +-
 internal/idp/providers/saml/saml.go | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/internal/api/ui/login/login.go b/internal/api/ui/login/login.go
index af6e555468..ccc0832779 100644
--- a/internal/api/ui/login/login.go
+++ b/internal/api/ui/login/login.go
@@ -105,7 +105,7 @@ func csp() *middleware.CSP {
 csp := middleware.DefaultSCP
 csp.ObjectSrc = middleware.CSPSourceOptsSelf()
 csp.StyleSrc = csp.StyleSrc.AddNonce()
- csp.ScriptSrc = csp.ScriptSrc.AddNonce()
+ csp.ScriptSrc = csp.ScriptSrc.AddNonce().AddHash("sha256", "AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=")
 return &csp
 }
diff --git a/internal/idp/providers/saml/saml.go b/internal/idp/providers/saml/saml.go
index aa816dfead..b37eb0ac1d 100644
--- a/internal/idp/providers/saml/saml.go
+++ b/internal/idp/providers/saml/saml.go
@@ -159,6 +159,9 @@ func (p *Provider) GetSP() (*samlsp.Middleware, error) {
 if p.requestTracker != nil {
 sp.RequestTracker = p.requestTracker
 }
+ if p.binding != "" {
+ sp.Binding = p.binding
+ }
 return sp, nil
 }
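Review bot: The script-src hash added on the `csp.ScriptSrc` line is an unexplained constant; nothing in login.go says which inline script it allow-lists or how it was computed, so a later upgrade of the SAML library that changes that inline script would silently make the CSP block the POST binding again, and a reader cannot tell whether the allow-listed script is still the intended one. Presumably it is the digest of the auto-submit script in the SAML POST-binding form emitted by the SAML dependency, which the commit message hints at, but that should be stated on the line itself. I would add, above the assignment, `// allow-list the inline auto-submit script of the SAML POST-binding form; recompute this sha256 whenever the SAML dependency changes that script` and ideally name the source file or function the digest was taken from. csp() starts outside the hunk (its signature is only visible in the @@ context), so the function header comment could carry the same pointer.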
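Review bot: The new `sp.Binding = p.binding` assignment copies the configured string into the service provider without checking that it is a binding the SP actually supports; if p.binding is validated where it is stored this is fine, but nothing in the hunk shows that, and an unrecognised value would only surface as whatever the underlying library does with an unknown binding at request time. If validation is not done elsewhere, GetSP should reject unknown values with an error instead of passing them through, comparing against the binding constants exported by the SAML library rather than free-form strings. Either way a one-line comment such as `// override the library default binding only when one was explicitly configured` would make the intent of the empty-string guard clear. GetSP starts outside the hunk, so its signature and any existing validation above line 159 are not visible here.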