Trying to add a contact form to a hugo website recieving Content-Security-Policy warnings

Hi I am trying to add a contact form to my static website using Un-static, this is provided by hugo, Adding a contact forms to a Hugo website - Un-static
When I add the form to the website I am receiving this error

Refused to send form data to '' because it violates the following Content Security Policy directive: "form-action 'self'".

Is there something I have to add to my config.toml or the file in order to solve this. I tried adding

<meta http-equiv="Content-Security-Policy" content="form-action ''" />

to the markdown file but still achieved the same error. Any help?

How are you generating your Content Security Policy? (This is not a Hugo issue per se)

Edit: I mean the complete CSP. Because it could be the server side one is affecting the one you shared above. I would advise you check with your host.


That wouldn’t work since markdown get rendered in <body> tags and the <head> tag belongs where it belongs, not inside <body> so at the least, you’ll have to modify the template that contains the <head> tag.