Remove form_action from CSP

This trips an issue when trying to authenticate through to
third-party sites, e.g. bridge.joinmastodon.org:

    Refused to send form data to 'https://bridge.joinmastodon.org/'
    because it violates the following Content Security Policy
    directive: "form-action 'self'".

Thread: https://vulpine.club/@digifox/101230933751352042
master
Rey Tucker 6 years ago committed by ThibG
parent 132dd28162
commit 35b2ba5030
  1. 1
      config/initializers/content_security_policy.rb

@ -28,7 +28,6 @@ if Rails.env.production?
p.worker_src :self, assets_host
p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
p.manifest_src :self, assets_host
p.form_action :self
end
end

Loading…
Cancel
Save