Remove form action from csp
Restricting form-action to 'self' in the content security policy prevented Chrome (and likely other browsers) from using !bangs on the home page. Fixes #408main
parent
ad2b2554c1
commit
9f84a8ad83
|
@ -75,8 +75,7 @@ app.config['CSP'] = 'default-src \'none\';' \
|
|||
'style-src \'self\' \'unsafe-inline\';' \
|
||||
'script-src \'self\';' \
|
||||
'media-src \'self\';' \
|
||||
'connect-src \'self\';' \
|
||||
'form-action \'self\';'
|
||||
'connect-src \'self\';'
|
||||
|
||||
if not os.path.exists(app.config['CONFIG_PATH']):
|
||||
os.makedirs(app.config['CONFIG_PATH'])
|
||||
|
|
Loading…
Reference in New Issue