From 9f84a8ad832a130690f6a9524558522665e0c7b8 Mon Sep 17 00:00:00 2001
From: Ben Busby <noreply+git@benbusby.com>
Date: Tue, 31 Aug 2021 07:57:50 -0600
Subject: [PATCH] Remove form action from csp

Restricting form-action to 'self' in the content security policy
prevented Chrome (and likely other browsers) from using !bangs on the
home page.

Fixes #408
---
 app/__init__.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/__init__.py b/app/__init__.py
index 0c8a7e3..a22eaa4 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -75,8 +75,7 @@ app.config['CSP'] = 'default-src \'none\';' \
                     'style-src \'self\' \'unsafe-inline\';' \
                     'script-src \'self\';' \
                     'media-src \'self\';' \
-                    'connect-src \'self\';' \
-                    'form-action \'self\';'
+                    'connect-src \'self\';'
 
 if not os.path.exists(app.config['CONFIG_PATH']):
     os.makedirs(app.config['CONFIG_PATH'])