Remove form_action from CSP - mastodon - Plural Café fork of Mastodon/Glitch Social

diff options

author	Rey Tucker <git@reytucker.us>	2018-12-12 19:58:57 -0500
committer	ThibG <thib@sitedethib.com>	2018-12-14 08:02:06 +0100
commit	35b2ba5030dd7fb5ddbb8cb34d0fd54cec8cf269 (patch)
tree	45c35454ac66b5755e24a6915c865c484cf5277e /config/initializers/cors.rb
parent	132dd281623d1d4a4651a60c9879e39070d5ecf3 (diff)

Remove form_action from CSP

This trips an issue when trying to authenticate through to
third-party sites, e.g. bridge.joinmastodon.org:

    Refused to send form data to 'https://bridge.joinmastodon.org/'
    because it violates the following Content Security Policy
    directive: "form-action 'self'".

Thread: https://vulpine.club/@digifox/101230933751352042

Diffstat (limited to 'config/initializers/cors.rb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: