From c1bad98702f36b5efdc900edb47657ced26ef711 Mon Sep 17 00:00:00 2001
From: Jade Ellis
Date: Sat, 10 May 2025 14:22:50 +0100
Subject: [PATCH] fix: Use correct CSP for login page
---
 src/web/oidc/response.rs | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/web/oidc/response.rs b/src/web/oidc/response.rs
index 1dcbd904..b34c696c 100644
--- a/src/web/oidc/response.rs
+++ b/src/web/oidc/response.rs
@@ -40,10 +40,7 @@ impl IntoResponse for OidcResponse {
 .header(header::CONTENT_TYPE, "text/html")
 .header(
 header::CONTENT_SECURITY_POLICY,
- format!(
- "default-src 'nonce-{}'; form-action https://eon.presentmatter.one/;",
- self.nonce
- ),
+ format!("default-src 'nonce-{}'; form-action 'self';", self.nonce),
 )
 .body(body.into())
 .unwrap()
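Review bot: The new policy on the `format!` line still leaves `frame-ancestors` and `base-uri` unset, and neither falls back to `default-src`. Unless another layer already sends `X-Frame-Options` or an equivalent, the login page can still be embedded in a frame on another origin. I would extend the line to `format!("default-src 'nonce-{}'; form-action 'self'; frame-ancestors 'none'; base-uri 'none';", self.nonce),`. The nonce is interpolated into the header unchecked and the builder result is `.unwrap()`ed, so a comment stating that `self.nonce` is freshly generated per response and limited to base64 characters would help; its origin is not visible here. The `into_response` body starts and ends outside this hunk.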