Change form-action to self

shared-module/src/utils/responseHeaders.js

@@ -33,7 +33,7 @@ function generateNormalResponseHeaders(options = { requireTrustedTypesFor: false
         "object-src 'none'",
         "frame-ancestors 'none'",
         "base-uri 'none'",
-        "form-action 'none'",
+        "form-action 'self'",
         "media-src 'self' https://storage.googleapis.com",
         // Forces us to sanitize html before using dangerouslySetInnerHTML. Please see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/require-trusted-types-for
         options.requireTrustedTypesFor && "require-trusted-types-for 'script'",