Commit 38f76d96 authored by kaniini's avatar kaniini
Browse files

Merge branch 'bugfix/csp-remove-form-action' into 'develop'

http security: remove form-action from CSP definitions

Closes #379

See merge request !456
parents 4ad04325 c0746460
Pipeline #4503 passed with stages
in 6 minutes and 55 seconds
......@@ -32,7 +32,6 @@ defp csp_string do
[
"default-src 'none'",
"base-uri 'self'",
"form-action *",
"frame-ancestors 'none'",
"img-src 'self' data: https:",
"media-src 'self' https:",
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment