Remove form-action CSP directive

Chrome incorrectly restricts the redirect URL to the sources specified
in the form-action value, which prevents the instance oauth page from
loading.
This commit is contained in:
r 2023-10-25 06:40:34 +00:00
parent 597cfc6b1e
commit f4881e7267

View file

@ -32,7 +32,6 @@ const csp = "default-src 'none';" +
" font-src *;" + " font-src *;" +
" child-src *;" + " child-src *;" +
" connect-src 'self';" + " connect-src 'self';" +
" form-action 'self';" +
" script-src 'self';" + " script-src 'self';" +
" style-src 'self'" " style-src 'self'"