Hello. I’m making an app which uses a third party service through iframe and API.
For this purpose I’ve had problems with content-security-policy. Previously I’ve been able to get through all this by adding this to my app:
$policy = new ContentSecurityPolicy();
$policy->allowInlineScript(true);
$policy->addAllowedScriptDomain('*');
$policy->addAllowedChildSrcDomain('*');
$policy->addAllowedFrameDomain('*');
$response->setContentSecurityPolicy($policy);
However I still have one error in my way:
Refused to send form data to 'domain.we.are.trying.to.send.form.data.to' because it violates the following Content Security Policy directive: "form-action 'self'".
What is the correct to let an nextcloud app send form data to another domain?