Remove form_action from CSP

This trips an issue when trying to authenticate through to
third-party sites, e.g. bridge.joinmastodon.org:

    Refused to send form data to 'https://bridge.joinmastodon.org/'
    because it violates the following Content Security Policy
    directive: "form-action 'self'".

Thread: https://vulpine.club/@digifox/101230933751352042
This commit is contained in:
Rey Tucker 2018-12-12 19:58:57 -05:00 committed by ThibG
parent 132dd28162
commit 35b2ba5030

View File

@ -28,7 +28,6 @@ if Rails.env.production?
p.worker_src :self, assets_host
p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
p.manifest_src :self, assets_host
p.form_action :self
end
end