Hello. I’m making an app which uses a third party service through iframe and API.
For this purpose I’ve had problems with content-security-policy. Previously I’ve been able to get through all this by adding this to my app:
$policy = new ContentSecurityPolicy(); $policy->allowInlineScript(true); $policy->addAllowedScriptDomain('*'); $policy->addAllowedChildSrcDomain('*'); $policy->addAllowedFrameDomain('*'); $response->setContentSecurityPolicy($policy);
However I still have one error in my way:
Refused to send form data to 'domain.we.are.trying.to.send.form.data.to' because it violates the following Content Security Policy directive: "form-action 'self'".
What is the correct to let an nextcloud app send form data to another domain?