Remove form_action from CSP

This trips an issue when trying to authenticate through to third-party sites, e.g. bridge.joinmastodon.org: Refused to send form data to 'https://bridge.joinmastodon.org/' because it violates the following Content Security Policy directive: "form-action 'self'". Thread: https://vulpine.club/@digifox/101230933751352042
author: Rey Tucker <git@reytucker.us> 2018-12-12 19:58:57 -0500
committer: ThibG <thib@sitedethib.com> 2018-12-14 08:02:06 +0100
commit: 35b2ba5030dd7fb5ddbb8cb34d0fd54cec8cf269 (patch)
tree: 45c35454ac66b5755e24a6915c865c484cf5277e /config
parent: 132dd281623d1d4a4651a60c9879e39070d5ecf3 (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 1617ad1c1..12b764a5a 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -28,7 +28,6 @@ if Rails.env.production?
     p.worker_src      :self, assets_host
     p.connect_src     :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
     p.manifest_src    :self, assets_host
-    p.form_action     :self
   end
 end
author	Rey Tucker <git@reytucker.us>	2018-12-12 19:58:57 -0500
committer	ThibG <thib@sitedethib.com>	2018-12-14 08:02:06 +0100
commit	35b2ba5030dd7fb5ddbb8cb34d0fd54cec8cf269 (patch)
tree	45c35454ac66b5755e24a6915c865c484cf5277e /config
parent	132dd281623d1d4a4651a60c9879e39070d5ecf3 (diff)