From f4881e72675e87a9eae716436c3ac18a788d596d Mon Sep 17 00:00:00 2001 From: r Date: Wed, 25 Oct 2023 06:40:34 +0000 Subject: Remove form-action CSP directive Chrome incorrectly restricts the redirect URL to the sources specified in the form-action value, which prevents the instance oauth page from loading. --- service/transport.go | 1 - 1 file changed, 1 deletion(-) (limited to 'service') diff --git a/service/transport.go b/service/transport.go index d032cce..f7e31d6 100644 --- a/service/transport.go +++ b/service/transport.go @@ -32,7 +32,6 @@ const csp = "default-src 'none';" + " font-src *;" + " child-src *;" + " connect-src 'self';" + - " form-action 'self';" + " script-src 'self';" + " style-src 'self'" -- cgit v1.2.3