From c801df41ead1d24f0eb4f426ea3541e01d39a37d Mon Sep 17 00:00:00 2001
From: Robert O'Rourke <23417+roborourke@users.noreply.github.com>
Date: Thu, 22 May 2025 19:41:53 +0100
Subject: [PATCH] Allow donate.wikimedia.org as a form action

This is to make adding the dynamic donation bar form simpler to implement.

Signed-off-by: Robert O'Rourke <23417+roborourke@users.noreply.github.com>
---
 inc/csp.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/csp.php b/inc/csp.php
index 539f632..069bb72 100644
--- a/inc/csp.php
+++ b/inc/csp.php
@@ -297,7 +297,7 @@ function add_csp_headers( array $headers ) {
 	// These policies cannot be filtered.
 	$csp_invariate_policies = [
 		"base-uri 'self'",
-		"form-action 'self'",
+		"form-action 'self' https://donate.wikimedia.org",
 		"frame-ancestors 'self'",
 		"object-src 'none'",
 		'block-all-mixed-content',