OpenConext / Stepup-SelfService

Stepup Self-service interface
Apache License 2.0

Replace forms with a-href links #305

Open tvdijen opened 9 months ago

tvdijen commented 9 months ago

When setting a Content-Security-Policy with form-action *.<your-domain>.nl, the forms won't work in Edge/Chrome. See this article, paragraph "Can the form-action redirect to another url?" for the reason behind this. TL;DR: Edge/Chrome does not allow the form's POST-destination to perform a redirect. Replacing the unnecessary forms with simple links resolves this issue and allows for a stricter CSP-policy.

Previously discussed on Slack with @MKodde

tvdijen commented 9 months ago

Logout got me the same CSP-error, yes. Our logout-url is on another domain.
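The following is an added example, not part of the issue thread or the Stepup-SelfService code. It models the behaviour the issue reports for Edge/Chrome, where every redirect after a form POST is checked against `form-action`, and finds the hop a policy would reject. The function names, hostnames and policy string are assumptions made for illustration.

```javascript
// Simplified model: only 'self', 'none', * and host-sources are handled;
// ports and paths in source expressions are ignored. Hostnames are constructed.
const schemeOk = (allowed, actual) =>
  allowed === actual || (allowed === "http" && actual === "https");

function matchesSource(source, url, pageOrigin) {
  const urlScheme = url.protocol.slice(0, -1);
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin.origin;
  if (source === "*") return urlScheme === "http" || urlScheme === "https";
  // Optional "scheme://" followed by the host part.
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  // A scheme-less source inherits the scheme of the protected page.
  const scheme = (m[1] || pageOrigin.protocol.slice(0, -1)).toLowerCase();
  if (!schemeOk(scheme, urlScheme)) return false;
  const pattern = m[2].toLowerCase();
  const host = url.hostname.toLowerCase();
  // "*.example.nl" covers subdomains only, not example.nl itself.
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return host === pattern;
}

// hops: the form's action URL followed by every redirect Location it leads to.
// Returns the first hop that form-action rejects, or null if all are allowed.
function firstBlockedHop(policy, pageUrl, hops) {
  const directive = policy
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0].toLowerCase() === "form-action");
  if (!directive) return null; // form-action has no default-src fallback
  const pageOrigin = new URL(pageUrl);
  const sources = directive.slice(1);
  for (const hop of hops) {
    const url = new URL(hop);
    if (!sources.some((s) => matchesSource(s, url, pageOrigin))) return hop;
  }
  return null;
}

// Constructed sample: a logout form whose POST target redirects off-domain.
const policy = "default-src 'self'; form-action 'self' *.example.nl";
const page = "https://selfservice.example.nl/overview";
console.log(firstBlockedHop(policy, page, [
  "https://selfservice.example.nl/logout",
  "https://idp.example.org/logout",
]));
```

Running the redirect chains of each remaining form through a check like this shows which external hosts would have to be listed in `form-action`, and which forms are better replaced by plain links as the issue proposes.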