mirror of
https://gitea.phreedom.club/localhost_frssoft/bloat.git
synced 2024-11-25 14:19:22 +02:00
Remove form-action CSP directive
Chrome incorrectly restricts the redirect URL to the sources specified in the form-action value, which prevents the instance oauth page from loading.
This commit is contained in:
parent
597cfc6b1e
commit
f4881e7267
|
@ -32,7 +32,6 @@ const csp = "default-src 'none';" +
|
||||||
" font-src *;" +
|
" font-src *;" +
|
||||||
" child-src *;" +
|
" child-src *;" +
|
||||||
" connect-src 'self';" +
|
" connect-src 'self';" +
|
||||||
" form-action 'self';" +
|
|
||||||
" script-src 'self';" +
|
" script-src 'self';" +
|
||||||
" style-src 'self'"
|
" style-src 'self'"
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue