http security: remove form-action from CSP definitions
This commit is contained in:
parent
4ad0432565
commit
c07464607d
|
@ -32,7 +32,6 @@ defp csp_string do
|
|||
[
|
||||
"default-src 'none'",
|
||||
"base-uri 'self'",
|
||||
"form-action *",
|
||||
"frame-ancestors 'none'",
|
||||
"img-src 'self' data: https:",
|
||||
"media-src 'self' https:",
|
||||
|
|
Loading…
Reference in New Issue