Browse Source

Remove form_action from CSP

This trips an issue when trying to authenticate through to
third-party sites, e.g. bridge.joinmastodon.org:

    Refused to send form data to 'https://bridge.joinmastodon.org/'
    because it violates the following Content Security Policy
    directive: "form-action 'self'".

Thread: https://vulpine.club/@digifox/101230933751352042
closed-social-glitch-2
Rey Tucker 6 years ago
committed by ThibG
parent
commit
35b2ba5030
1 changed files with 0 additions and 1 deletions
  1. +0
    -1
      config/initializers/content_security_policy.rb

+ 0
- 1
config/initializers/content_security_policy.rb View File

@ -28,7 +28,6 @@ if Rails.env.production?
p.worker_src :self, assets_host p.worker_src :self, assets_host
p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
p.manifest_src :self, assets_host p.manifest_src :self, assets_host
p.form_action :self
end end
end end

Loading…
Cancel
Save