From: William Pitcock <nenolod@dereferenced.org>
Date: Fri, 16 Nov 2018 17:40:21 +0000 (+0000)
Subject: http security: remove form-action from CSP definitions
X-Git-Url: http://git.squeep.com/?a=commitdiff_plain;h=c07464607d192add7fec0c91899eb8d3c077d876;p=akkoma

http security: remove form-action from CSP definitions
---

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 960c7f6bf..31c7332f8 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -32,7 +32,6 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
     [
       "default-src 'none'",
       "base-uri 'self'",
-      "form-action *",
       "frame-ancestors 'none'",
       "img-src 'self' data: https:",
       "media-src 'self' https:",