Remove form_action from CSP
This trips an issue when trying to authenticate through to third-party sites, e.g. bridge.joinmastodon.org: Refused to send form data to 'https://bridge.joinmastodon.org/' because it violates the following Content Security Policy directive: "form-action 'self'". Thread: https://vulpine.club/@digifox/101230933751352042pull/857/head
parent
132dd28162
commit
35b2ba5030
|
@ -28,7 +28,6 @@ if Rails.env.production?
|
||||||
p.worker_src :self, assets_host
|
p.worker_src :self, assets_host
|
||||||
p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
|
p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
|
||||||
p.manifest_src :self, assets_host
|
p.manifest_src :self, assets_host
|
||||||
p.form_action :self
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue