WIP - Add CSP form-action attribute in LLNG conf. Need more tests (#1480)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -31,6 +31,7 @@ sub defaultValues {
         'cspConnect'                  => '\'self\'',
         'cspDefault'                  => '\'self\'',
         'cspFont'                     => '\'self\'',
+        'cspFormAction'               => '\'self\'',
         'cspImg'                      => '\'self\' data:',
         'cspScript'                   => '\'self\'',
         'cspStyle'                    => '\'self\'',

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -907,6 +907,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             'default' => '\'self\'',
             'type'    => 'text'
         },
+        'cspFormAction' => {
+            'default' => '\'self\'',
+            'type'    => 'text'
+        },
         'cspImg' => {
             'default' => '\'self\' data:',
             'type'    => 'text'

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -599,6 +599,11 @@ sub attributes {
             default       => "'self'",
             documentation => 'Font source for Content-Security-Policy',
         },
+        cspFormAction => {
+            type          => 'text',
+            default       => "'self'",
+            documentation => 'Form-Action source for Content-Security-Policy',
+        },
         portalAntiFrame => {
             default       => 1,
             type          => 'bool',

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -736,6 +736,7 @@ sub tree {
                                         'cspDefault', 'cspImg',
                                         'cspScript',  'cspStyle',
                                         'cspConnect', 'cspFont',
+                                        'cspFormAction',
                                     ]
                                 },
                                 'requireToken',

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm

@@ -174,6 +174,7 @@ sub reloadConf {
         my $prm = $self->conf->{ 'csp' . ucfirst($_) };
         $csp .= "$_-src $prm;" if ($prm);
     }
+    $csp = $csp  . "form-action 'self' " . $self->conf->{ cspFormAction };
     $self->csp($csp);
 
     # Initialize templateDir

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm

@@ -723,7 +723,8 @@ sub sendHtml {
       'X-Content-Type-Options' => 'nosniff';
 
     # Set authorizated URL for POST
-    my $csp = $self->csp . "form-action 'self'";
+    #my $csp = $self->csp . "form-action 'self'";
+    my $csp = $self->csp;
     if ( my $url = $req->urldc ) {
         $url =~ s#(https?://[^/]+).*#$1#;
         $csp .= " $url";