Set default formAction CSP (#1499)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -33,7 +33,7 @@ sub defaultValues {
         'cspConnect'                  => '\'self\'',
         'cspDefault'                  => '\'self\'',
         'cspFont'                     => '\'self\'',
-        'cspFormAction'               => '*',
+        'cspFormAction'               => '\'self\'',
         'cspImg'                      => '\'self\' data:',
         'cspScript'                   => '\'self\'',
         'cspStyle'                    => '\'self\'',

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -920,7 +920,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             'type'    => 'text'
         },
         'cspFormAction' => {
-            'default' => '*',
+            'default' => '\'self\'',
             'type'    => 'text'
         },
         'cspImg' => {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -615,7 +615,7 @@ sub attributes {
         },
         cspFormAction => {
             type          => 'text',
-            default       => "*",
+            default       => "'self'",
             documentation => 'Form action destination for Content-Security-Policy',
         },
         cspImg => {

lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm

@@ -723,7 +723,7 @@ sub sendHtml {
 
     # Set authorized URL for POST
     my $csp
-        = $self->csp . "form-action 'self' " . $self->conf->{cspFormAction};
+        = $self->csp . "form-action " . $self->conf->{cspFormAction};
     if ( my $url = $req->urldc ) {
         $self->logger->debug("Required urldc : $url");
         $url =~ s#(https?://[^/]+).*#$1#;