luna/mastodon
0
0
Fork 0
mirror of https://github.com/lunaisnotaboy/mastodon.git synced 2024-11-06 23:14:57 +00:00
Code Issues Projects Releases Wiki Activity

Remove form_action from CSP

Browse source 
This trips an issue when trying to authenticate through to
third-party sites, e.g. bridge.joinmastodon.org:

    Refused to send form data to 'https://bridge.joinmastodon.org/'
    because it violates the following Content Security Policy
    directive: "form-action 'self'".

Thread: https://vulpine.club/@digifox/101230933751352042
This commit is contained in:
Rey Tucker 2018-12-12 19:58:57 -05:00 committed by ThibG
parent 132dd28162
commit 35b2ba5030
1 changed files with 0 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/initializers/content_security_policy.rb
View file

@ -28,7 +28,6 @@ if Rails.env.production?
p.worker_src :self, assets_host p.worker_src :self, assets_host
p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts p.connect_src :self, :blob, Rails.configuration.x.streaming_api_base_url, *data_hosts
p.manifest_src :self, assets_host p.manifest_src :self, assets_host
p.form_action :self
end end
end end