diff options
| author | Rey Tucker <git@reytucker.us> | 2018-12-12 19:58:57 -0500 |
|---|---|---|
| committer | ThibG <thib@sitedethib.com> | 2018-12-14 08:02:06 +0100 |
| commit | 35b2ba5030dd7fb5ddbb8cb34d0fd54cec8cf269 (patch) | |
| tree | 45c35454ac66b5755e24a6915c865c484cf5277e /config/initializers/content_security_policy.rb | |
| parent | 132dd281623d1d4a4651a60c9879e39070d5ecf3 (diff) | |
Remove form_action from CSP
This trips an issue when trying to authenticate through to
third-party sites, e.g. bridge.joinmastodon.org:
Refused to send form data to 'https://bridge.joinmastodon.org/'
because it violates the following Content Security Policy
directive: "form-action 'self'".
Thread: https://vulpine.club/@digifox/101230933751352042
Diffstat (limited to 'config/initializers/content_security_policy.rb')
| -rw-r--r-- | config/initializers/content_security_policy.rb | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 1617ad1c1..12b764a5a 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -28,7 +28,6 @@ if Rails.env.production? p.worker_src :self, assets_host p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts p.manifest_src :self, assets_host - p.form_action :self end end |