From 48e136605a30fa7ee71a656b599d91adf47b17fc Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Thu, 17 Nov 2022 22:59:07 +0100
Subject: [PATCH] Fix form-action CSP directive for external login (#20962)

---
 app/controllers/auth/sessions_controller.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index f9a55eb4b..afcf8b24b 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -14,6 +14,10 @@ class Auth::SessionsController < Devise::SessionsController
   before_action :set_instance_presenter, only: [:new]
   before_action :set_body_classes
 
+  content_security_policy only: :new do |p|
+    p.form_action(false)
+  end
+
   def check_suspicious!
     user = find_user
     @login_is_suspicious = suspicious_sign_in?(user) unless user.nil?