From f4881e72675e87a9eae716436c3ac18a788d596d Mon Sep 17 00:00:00 2001
From: r <r@freesoftwareextremist.com>
Date: Wed, 25 Oct 2023 06:40:34 +0000
Subject: Remove form-action CSP directive

Chrome incorrectly restricts the redirect URL to the sources specified
in the form-action value, which prevents the instance oauth page from
loading.
---
 service/transport.go | 1 -
 1 file changed, 1 deletion(-)

(limited to 'service/transport.go')

diff --git a/service/transport.go b/service/transport.go
index d032cce..f7e31d6 100644
--- a/service/transport.go
+++ b/service/transport.go
@@ -32,7 +32,6 @@ const csp = "default-src 'none';" +
 	" font-src *;" +
 	" child-src *;" +
 	" connect-src 'self';" +
-	" form-action 'self';" +
 	" script-src 'self';" +
 	" style-src 'self'"
 
-- 
cgit v1.2.3