From 0e7e3d552e066aaccecbaaa9325d1e6c7650c289 Mon Sep 17 00:00:00 2001
From: Ricardo Carneiro <ricardoroberto@outlook.com>
Date: Sat, 25 Apr 2026 22:52:38 -0300
Subject: [PATCH] feat: login

---
 .claude/settings.local.json     | 3 ++-
 src/BCards.Web/Program.cs       | 2 +-
 src/BCards.Web/appsettings.json | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index 85c3599..c76a4e2 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -35,7 +35,8 @@
       "Bash(ss:*)",
       "Bash(lsof:*)",
       "Bash(dotnet run:*)",
-      "Bash(dotnet user-secrets:*)"
+      "Bash(dotnet user-secrets:*)",
+      "Bash(xargs grep:*)"
     ]
   },
   "enableAllProjectMcpServers": false
diff --git a/src/BCards.Web/Program.cs b/src/BCards.Web/Program.cs
index d490012..22ba835 100644
--- a/src/BCards.Web/Program.cs
+++ b/src/BCards.Web/Program.cs
@@ -626,7 +626,7 @@ app.Use(async (context, next) =>
               "frame-src 'self' https://accounts.google.com https://login.microsoftonline.com; " +
               "object-src 'none'; " +
               "base-uri 'self'; " +
-              "form-action 'self'";
+              "form-action 'self' https://accounts.google.com https://login.microsoftonline.com";
     context.Response.Headers.Append("Content-Security-Policy", csp);
 
     // Load balancer e debugging headers
diff --git a/src/BCards.Web/appsettings.json b/src/BCards.Web/appsettings.json
index d34124e..b9df020 100644
--- a/src/BCards.Web/appsettings.json
+++ b/src/BCards.Web/appsettings.json
@@ -147,7 +147,7 @@
     },
     "Microsoft": {
       "ClientId": "b411606a-e574-4f59-b7cd-10dd941b9fa3",
-      "ClientSecret": ".v88Q~2UIFu926J9lETzY_dY16Wqxo0QvYECjdvx"
+      "ClientSecret": "bff10c42-f1e5-487b-bacb-16b1b691aa7d"
     }
   },
   "Moderation": {