commit: 38f76d964f62f03f01abc8beeeddaac97a91d751
parent: 4ad043256542f2defd147f9257466d848e417c26
Author: kaniini <nenolod@gmail.com>
Date: Fri, 16 Nov 2018 17:47:22 +0000
Merge branch 'bugfix/csp-remove-form-action' into 'develop'
http security: remove form-action from CSP definitions
Closes #379
See merge request pleroma/pleroma!456
Diffstat:
1 file changed, 0 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
@@ -32,7 +32,6 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
[
"default-src 'none'",
"base-uri 'self'",
- "form-action *",
"frame-ancestors 'none'",
"img-src 'self' data: https:",
"media-src 'self' https:",