From c0b2acf33edd1bc1077a4fed5b9bd2b658caeff9 Mon Sep 17 00:00:00 2001
From: Pierre Rudloff
Date: Wed, 4 Nov 2020 23:03:39 +0100
Subject: [PATCH] Don't restrict forms in CSP (#327)
---
 classes/Middleware/CspMiddleware.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/classes/Middleware/CspMiddleware.php b/classes/Middleware/CspMiddleware.php
index 8e6ad73c..c3c72ff5 100644
--- a/classes/Middleware/CspMiddleware.php
+++ b/classes/Middleware/CspMiddleware.php
@@ -40,10 +40,10 @@ public function applyHeader(Response $response)
 $csp->addDirective('default-src', [])
 ->addDirective('font-src', ['self' => true])
 ->addDirective('style-src', ['self' => true])
- ->addDirective('form-action', ['self' => true])
 ->addDirective('manifest-src', ['self' => true])
 ->addDirective('base-uri', [])
 ->addDirective('frame-ancestors', [])
+ ->addSource('form-action', '*')
 ->addSource('img-src', '*');
 
 if ($this->config->debug) {
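Review bot: The new `->addSource('form-action', '*')` line removes the only CSP limit on where a form on these pages may submit, and nothing in the hunk records why. `form-action` does not fall back to `default-src`, so with `*` any `<form>` that reaches the page through an escaping mistake can send user input to a third-party origin even though scripts stay blocked. If the wildcard is needed because some browsers also apply `form-action` to the redirect that follows a submission (an assumption; issue #327 is not visible here), state that above the chain, e.g. `// form-action is '*' on purpose (#327): submissions redirect to arbitrary remote hosts, so output escaping is the only defence against injected forms`. Where the set of submission targets can be enumerated, prefer `'self'` plus those hosts over `*`. The body of applyHeader() starts and ends outside the hunk.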