Fix auth in CSP (#2112)

2021-12-13 04:45:02 +00:00 · 2021-12-13 04:45:02 +00:00 · 98e836fdb3
parent b86c9fa8fe
commit 98e836fdb3
1 changed files with 1 additions and 1 deletions
--- a/pkg/api/server.go
+++ b/pkg/api/server.go
@ -352,7 +352,7 @@ func SecurityHeadersMiddleware(next http.Handler) http.Handler {
 		}
 		connectableOrigins += "; "

-		cspDirectives := "default-src data: 'self' 'unsafe-inline';" + connectableOrigins + "script-src 'self' 'unsafe-inline'; child-src 'none'; object-src 'none'; form-action 'none'"
+		cspDirectives := "default-src data: 'self' 'unsafe-inline';" + connectableOrigins + "script-src 'self' 'unsafe-inline'; child-src 'none'; object-src 'none'; form-action 'self'"

 		w.Header().Set("Referrer-Policy", "same-origin")
 		w.Header().Set("X-Content-Type-Options", "nosniff")