Remove form-action CSP directive

Chrome incorrectly restricts the redirect URL to the sources specified in the form-action value, which prevents the instance oauth page from loading.
2023-10-25 06:40:34 +00:00 · 2023-10-25 06:40:34 +00:00 · f4881e7267
parent 597cfc6b1e
commit f4881e7267
1 changed files with 0 additions and 1 deletions
--- a/service/transport.go
+++ b/service/transport.go
@ -32,7 +32,6 @@ const csp = "default-src 'none';" +
 	" font-src *;" +
 	" child-src *;" +
 	" connect-src 'self';" +
-	" form-action 'self';" +
 	" script-src 'self';" +
 	" style-src 'self'"