• #dev 2022-12-15
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2022-12-15 UTC
# 05:37
M0x3b0b[m] Hmm. Okay, apparently it's specifically that current Chrome-based browsers apply the form-action CSP to redirects. That seems to mean if I want to use IndieAuth I need to either avoid Chrome-based browsers, allow form actions for basically anywhere, or maintain a specific list of targets (and leak the list in my headers). I guess I could be misunderstanding what I'm seeing.