Looks good to me, and the others should definitely be fixed as well.
I believe the `allow_all_form_action` one is related to a difference in how
browsers enforce CSP for form submissions - specifically some (e.g. Firefox) only
require that the initial URL submitted meet the form action policy while
others (e.g. Chrome) require any subsequent redirects to meet it as well.
Certainly the `session#new` one can lead to an eventual redirect after a
successful authentication and I guess the OAuth one can as well.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/5469#issuecomment-2571677242