Merge branch 'bugfix/csp-remove-form-action' into 'develop'
http security: remove form-action from CSP definitions Closes #379 See merge request pleroma/pleroma!456
This commit is contained in:
commit
38f76d964f
@ -32,7 +32,6 @@ defp csp_string do
|
|||||||
[
|
[
|
||||||
"default-src 'none'",
|
"default-src 'none'",
|
||||||
"base-uri 'self'",
|
"base-uri 'self'",
|
||||||
"form-action *",
|
|
||||||
"frame-ancestors 'none'",
|
"frame-ancestors 'none'",
|
||||||
"img-src 'self' data: https:",
|
"img-src 'self' data: https:",
|
||||||
"media-src 'self' https:",
|
"media-src 'self' https:",
|
||||||
|
Loading…
Reference in New Issue
Block a user