Fix allowed form-action in content security policy

The 'self' form action is needed for uploading CSV files, so that they can be validated. phpcs-errors:253 phpunit-status:successful
2019-11-15 00:28:05 +01:00 · 2019-11-15 00:28:05 +01:00 · 8a64ae740b
commit 8a64ae740b
parent 1bccab2da2
1 changed files with 1 additions and 1 deletions
--- a/.htaccess
+++ b/.htaccess
@ -29,6 +29,6 @@ DirectoryIndex index.php
 AddDefaultCharset UTF-8
 # Set content and feature security headers
-Header set Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://*.jrenslin.de; img-src 'self' https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action https://nat.museum-digital.de;"
+Header set Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://*.jrenslin.de; img-src 'self' https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action 'self';"
 Header set Feature-Policy "midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'self'; gyroscope 'self'; speaker *; payment 'none'; fullscreen 'self'; geolocation 'none';"