http security: remove form-action from CSP definitions

2018-11-16 17:40:21 +00:00 · 2018-11-16 17:40:21 +00:00 · c07464607d
commit c07464607d
parent 4ad0432565
1 changed files with 0 additions and 1 deletions
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@ -32,7 +32,6 @@ defp csp_string do
    [
      "default-src 'none'",
      "base-uri 'self'",
-      "form-action *",
      "frame-ancestors 'none'",
      "img-src 'self' data: https:",
      "media-src 'self' https:",