diff options
author | r <r@freesoftwareextremist.com> | 2023-10-25 06:40:34 +0000 |
---|---|---|
committer | r <r@freesoftwareextremist.com> | 2023-10-25 06:40:34 +0000 |
commit | f4881e72675e87a9eae716436c3ac18a788d596d (patch) | |
tree | 303c67a3e4e39be3002c7dc1852c9ae9ba675a1c /service | |
parent | 597cfc6b1ed23dc85774a43055416c98b77cae67 (diff) | |
download | bloat-f4881e72675e87a9eae716436c3ac18a788d596d.tar.gz bloat-f4881e72675e87a9eae716436c3ac18a788d596d.zip |
Remove form-action CSP directive
Chrome incorrectly restricts the redirect URL to the sources specified
in the form-action value, which prevents the instance oauth page from
loading.
Diffstat (limited to 'service')
-rw-r--r-- | service/transport.go | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/service/transport.go b/service/transport.go index d032cce..f7e31d6 100644 --- a/service/transport.go +++ b/service/transport.go @@ -32,7 +32,6 @@ const csp = "default-src 'none';" + " font-src *;" + " child-src *;" + " connect-src 'self';" + - " form-action 'self';" + " script-src 'self';" + " style-src 'self'" |