Fix CSP IndieAuth redirection issue

2022-12-16 09:22:40 +01:00 · 2022-12-16 09:22:40 +01:00 · db6016394b
commit db6016394b
parent 573a76c0c5
3 changed files with 47 additions and 5 deletions
--- a/app/redirect.py
+++ b/app/redirect.py
@ -0,0 +1,28 @@
+from fastapi import Request
+
+from app import templates
+from app.database import AsyncSession
+
+
+async def redirect(
+    request: Request,
+    db_session: AsyncSession,
+    url: str,
+) -> templates.TemplateResponse:
+    """
+    Similar to RedirectResponse, but uses a 200 response with HTML.
+
+    Needed for remote redirects on form submission endpoints,
+    since our CSP policy disallows remote form submission.
+    https://github.com/w3c/webappsec-csp/issues/8#issuecomment-810108984
+    """
+    return await templates.render_template(
+        db_session,
+        request,
+        "redirect.html",
+        {
+            "request": request,
+            "url": url,
+        },
+        headers={"Refresh": "0;url=" + url},
+    )