From c07464607d192add7fec0c91899eb8d3c077d876 Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Fri, 16 Nov 2018 17:40:21 +0000
Subject: [PATCH] http security: remove form-action from CSP definitions

---
 lib/pleroma/plugs/http_security_plug.ex | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 960c7f6bf..31c7332f8 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -32,7 +32,6 @@ defp csp_string do
     [
       "default-src 'none'",
       "base-uri 'self'",
-      "form-action *",
       "frame-ancestors 'none'",
       "img-src 'self' data: https:",
       "media-src 'self' https:",