Fix code for #5493 as suggested by @tjmv

2025-09-04 03:43:07 +00:00 · 2022-02-09 11:14:00 +01:00
parent 7fc94415fb
commit eb0281e47f
1 changed files with 9 additions and 2 deletions
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -62,9 +62,16 @@ class SecureHeaders
            "manifest-src 'self'",
        ];

-        $route = $request->route();
+        $route     = $request->route();
+        $customUrl = '';
+        $authGuard = (string)config('firefly.authentication_guard');
+        $logoutUrl = (string)config('firefly.custom_logout_url');
+        if ('remote_user_guard' === $authGuard && '' !== $logoutUrl) {
+            $customUrl = $logoutUrl;
+        }
+
        if (null !== $route && 'oauth/authorize' !== $route->uri) {
-            $csp[] = "form-action 'self'";
+            $csp[] = sprintf("form-action 'self' %s", $customUrl);
        }

        $featurePolicies = [