The source list for CSP directive 'form-action' contains an invalid source
Concerned version
Version: 2.0
Platform: Apache2
Summary
The source list for Content Security Policy directive 'form-action' contains an invalid source: '/?cancel=1'. It will be ignored.
Log
[debug] Display type logo for module Twitter
[debug] Authentication choice Twitter will be displayed
[debug] Displaying authentication choice 5_Facebook
[debug] Use URL /?cancel=1
[debug] Display type logo for module Facebook
[debug] Authentication choice Facebook will be displayed
[debug] Displaying authentication choice 6_SAML
[debug] Use URL /?cancel=1
[debug] Display type logo for module SAML
[debug] Authentication choice SAML will be displayed
[debug] Displaying authentication choice 7_OpenID_Connect
[debug] Use URL /?cancel=1
[debug] Display type logo for module OpenIDConnect
[debug] Authentication choice OpenID Connect will be displayed
[debug] Displaying authentication choice 8_CAS
[debug] Use URL /?cancel=1
[debug] Display type logo for module CAS
[debug] Authentication choice CAS will be displayed
[debug] Skin returned: login
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Set CSP form-action with request URL: /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self' * /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1;frame-ancestors 'none';