Merge branch 'bugfix/csp-remove-form-action' into 'develop'

http security: remove form-action from CSP definitions

Closes #379

See merge request pleroma/pleroma!456
This commit is contained in:
kaniini 2018-11-16 17:47:22 +00:00
commit 38f76d964f

View File

@ -32,7 +32,6 @@ defp csp_string do
[ [
"default-src 'none'", "default-src 'none'",
"base-uri 'self'", "base-uri 'self'",
"form-action *",
"frame-ancestors 'none'", "frame-ancestors 'none'",
"img-src 'self' data: https:", "img-src 'self' data: https:",
"media-src 'self' https:", "media-src 'self' https:",