http security: remove form-action from CSP definitions

author William Pitcock <nenolod@dereferenced.org>

Fri, 16 Nov 2018 17:40:21 +0000 (17:40 +0000)

committer William Pitcock <nenolod@dereferenced.org>

Fri, 16 Nov 2018 17:40:21 +0000 (17:40 +0000)
author William Pitcock <nenolod@dereferenced.org>
Fri, 16 Nov 2018 17:40:21 +0000 (17:40 +0000)
committer William Pitcock <nenolod@dereferenced.org>
Fri, 16 Nov 2018 17:40:21 +0000 (17:40 +0000)
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex

index 960c7f6bfb25774d05667e6a461f863f1903e433..31c7332f8fc30e7824c33b1c2263d220a9f76ec9 100644 (file)
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -32,7 +32,6 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
      [
        "default-src 'none'",
        "base-uri 'self'",
-      "form-action *",
        "frame-ancestors 'none'",
        "img-src 'self' data: https:",
        "media-src 'self' https:",
author	William Pitcock <nenolod@dereferenced.org>
	Fri, 16 Nov 2018 17:40:21 +0000 (17:40 +0000)
committer	William Pitcock <nenolod@dereferenced.org>
	Fri, 16 Nov 2018 17:40:21 +0000 (17:40 +0000)