fix: 🐛 Fix form-action CSP

2025-12-06 08:28:20 +01:00 · 2024-05-05 23:00:15 -10:00 · 2024-05-05 23:00:15 -10:00 · e0468c421d
parent d95c1c17f0
commit e0468c421d
1 changed files with 2 additions and 0 deletions
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@ -21,6 +21,8 @@ export default defineNuxtConfig({
            contentSecurityPolicy: {
                "img-src": ["'self'", "data:", "https:"],
                "script-src": ["'nonce-{{nonce}}'", "'strict-dynamic'"],
+                // Add https because of some browsers blocking form-action to 'self' if the page is from a redirect
+                "form-action": ["'self'", "https:"],
            },
            crossOriginResourcePolicy: "same-origin",
            xFrameOptions: "DENY",