From 893cc505708a7c5140b6cb20ece8eb7fb27d8155 Mon Sep 17 00:00:00 2001
From: strawberry <strawberry@puppygock.gay>
Date: Mon, 3 Jun 2024 23:24:26 -0400
Subject: [PATCH] csp: set `form-action 'none'`

Signed-off-by: strawberry <strawberry@puppygock.gay>
---
 src/router/layers.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/router/layers.rs b/src/router/layers.rs
index ea872984..38d4ca97 100644
--- a/src/router/layers.rs
+++ b/src/router/layers.rs
@@ -21,8 +21,8 @@ use tracing::Level;
 
 use crate::{request, router};
 
-const CONDUWUIT_CSP: &str =
-	"sandbox; default-src 'none'; font-src 'none'; script-src 'none'; frame-ancestors 'none'; base-uri 'none';";
+const CONDUWUIT_CSP: &str = "sandbox; default-src 'none'; font-src 'none'; script-src 'none'; frame-ancestors 'none'; \
+                             form-action 'none'; base-uri 'none';";
 const CONDUWUIT_PERMISSIONS_POLICY: &str = "interest-cohort=(),browsing-topics=()";
 
 pub(crate) fn build(server: &Arc<Server>) -> io::Result<axum::routing::IntoMakeService<Router>> {