3 files changed, 2 insertions, 3 deletions

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 960c7f6bf..31c7332f8 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -32,7 +32,6 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
     [
       "default-src 'none'",
       "base-uri 'self'",
-      "form-action *",
       "frame-ancestors 'none'",
       "img-src 'self' data: https:",
       "media-src 'self' https:",
diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex
index 10e6b4e52..bb257c262 100644
--- a/lib/pleroma/web/media_proxy/controller.ex
+++ b/lib/pleroma/web/media_proxy/controller.ex
@@ -30,7 +30,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
 
     with true <- Keyword.get(config, :enabled, false),
          {:ok, url} <- Pleroma.Web.MediaProxy.decode_url(sig, url),
-         filename <- Path.basename(url),
+         filename <- Path.basename(URI.parse(url).path),
          true <-
            if(Map.get(params, "filename"),
              do: filename == Path.basename(conn.request_path),
diff --git a/lib/pleroma/web/media_proxy/media_proxy.ex b/lib/pleroma/web/media_proxy/media_proxy.ex
index 6819c0917..93c36b4ed 100644
--- a/lib/pleroma/web/media_proxy/media_proxy.ex
+++ b/lib/pleroma/web/media_proxy/media_proxy.ex
@@ -15,7 +15,7 @@ defmodule Pleroma.Web.MediaProxy do
       base64 = Base.url_encode64(url, @base64_opts)
       sig = :crypto.hmac(:sha, secret, base64)
       sig64 = sig |> Base.url_encode64(@base64_opts)
-      filename = Path.basename(url)
+      filename = Path.basename(URI.parse(url).path)
 
       Keyword.get(config, :base_url, Pleroma.Web.base_url()) <>
         "/proxy/#{sig64}/#{base64}/#{filename}"