authorr <r@freesoftwareextremist.com>2023-10-25 06:40:34 +0000
committerr <r@freesoftwareextremist.com>2023-10-25 06:40:34 +0000
commitf4881e72675e87a9eae716436c3ac18a788d596d (patch)
tree303c67a3e4e39be3002c7dc1852c9ae9ba675a1c
parent597cfc6b1ed23dc85774a43055416c98b77cae67 (diff)
Remove form-action CSP directive
Chrome incorrectly restricts the redirect URL to the sources specified in the form-action value, which prevents the instance OAuth page from loading.
-rw-r--r--service/transport.go1
1 files changed, 0 insertions, 1 deletions
diff --git a/service/transport.go b/service/transport.go
index d032cce..f7e31d6 100644
--- a/service/transport.go
+++ b/service/transport.go
@@ -32,7 +32,6 @@ const csp = "default-src 'none';" +
" font-src *;" +
" child-src *;" +
" connect-src 'self';" +
- " form-action 'self';" +
" script-src 'self';" +
" style-src 'self'"