CODEWITHSUNDEEP
htmlcontent-security-policy
Anno123
Anno123

Reputation: 67

Content-Security-Policy : directive 'form-action' contains the keyword 'none'

I encounter this error message when I enter my webpage even though it does not cause any error but I still want to get rid of it.

I am not clear about why it occurs because I do not have the word 'none' in my form-action.

Anyone know how to solve it?Thanks

The Content-Security-Policy directive 'form-action' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.

These are my headers and I do not have any header sent by PHP, what header should I modify to avoid this error?

<meta charset="UTF-8">
<meta content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0' name='viewport' />
<link rel="icon" href="data:;base64,=">
<meta name="google" content="notranslate"/>

Upvotes: 1

Views: 4878

Answers (2)

Rohit Gupta
Rohit Gupta

Reputation: 4191

The best thing to do is to see what your headers are. There are many sites that will do this. I recommend cspvalidator.

Then you can try and track down where they are coming from.

Upvotes: 0

Halvor Sakshaug
Halvor Sakshaug

Reputation: 3455

Code, framework, web server or a proxy is setting a Content-Security-Policy in a response header (or code possibly in a meta tag). It sets the directive "form-action 'none' []". This doesn't make any sense as 'none' should be the only source listed, it should be removed once you add other source expressions. You need to identify what sets the CSP and remove 'none'.

Upvotes: 1

Related Questions