Remove form_action from CSP

This trips an issue when trying to authenticate through to
third-party sites, e.g. bridge.joinmastodon.org:

    Refused to send form data to 'https://bridge.joinmastodon.org/'
    because it violates the following Content Security Policy
    directive: "form-action 'self'".

Thread: https://vulpine.club/@digifox/101230933751352042
th-downstream
Rey Tucker 6 years ago committed by ThibG
parent 656e2d3121
commit 56890834ab

@ -28,7 +28,6 @@ if Rails.env.production?
p.worker_src :self, assets_host
p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
p.manifest_src :self, assets_host
p.form_action :self
end
end

Loading…
Cancel
Save