From eb0281e47faadb3adbb1180411cc90995fab3d41 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Wed, 9 Feb 2022 11:14:00 +0100
Subject: [PATCH] Fix code for #5493 as suggested by @tjmv
---
 app/Http/Middleware/SecureHeaders.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php
index 035d2d6c97..b2c5040815 100644
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -62,9 +62,16 @@ class SecureHeaders
 "manifest-src 'self'",
 ];

- $route = $request->route();
+ $route = $request->route();
+ $customUrl = '';
+ $authGuard = (string)config('firefly.authentication_guard');
+ $logoutUrl = (string)config('firefly.custom_logout_url');
+ if ('remote_user_guard' === $authGuard && '' !== $logoutUrl) {
+ $customUrl = $logoutUrl;
+ }
+
 if (null !== $route && 'oauth/authorize' !== $route->uri) {
- $csp[] = "form-action 'self'";
+ $csp[] = sprintf("form-action 'self' %s", $customUrl);
 }

 $featurePolicies = [
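Review bot: `$logoutUrl` is interpolated into the `form-action` directive with no check on its content, so a configured value containing `;`, `,` or whitespace would end the directive early, start a second policy, or add extra source expressions to the header. The value is read from `firefly.custom_logout_url` and is presumably operator-controlled, but a guard keeps a typo from silently changing the policy: `if ('remote_user_guard' === $authGuard && '' !== $logoutUrl && 1 !== preg_match('/[\s;,]/', $logoutUrl)) {`. When `$customUrl` stays empty the `sprintf` also leaves a trailing space in the directive; `$csp[] = trim(sprintf("form-action 'self' %s", $customUrl));` avoids that. The enclosing method starts and ends outside the hunk.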