http security: remove form-action from CSP definitions

This commit is contained in:
William Pitcock 2018-11-16 17:40:21 +00:00
parent 4ad0432565
commit c07464607d

View file

@ -32,7 +32,6 @@ defp csp_string do
[
"default-src 'none'",
"base-uri 'self'",
"form-action *",
"frame-ancestors 'none'",
"img-src 'self' data: https:",
"media-src 'self' https:",