From a8257daa7c421527c04265d4afec0e4deb8dc7e5 Mon Sep 17 00:00:00 2001
From: wbamberg <will@bootbonnet.ca>
Date: Wed, 18 Sep 2024 16:51:17 -0700
Subject: [PATCH] Update form-action

---
 .../headers/content-security-policy/form-action/index.md    | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/files/en-us/web/http/headers/content-security-policy/form-action/index.md b/files/en-us/web/http/headers/content-security-policy/form-action/index.md
index b320bafc403b528..e8a86e67f33a63f 100644
--- a/files/en-us/web/http/headers/content-security-policy/form-action/index.md
+++ b/files/en-us/web/http/headers/content-security-policy/form-action/index.md
@@ -41,7 +41,11 @@ This directive may have either:
 - the single keyword value `'none'`, meaning that no form submissions may be made
 - a list of _source expression_ values, meaning that form submissions may be made to URLs that match any of the given source expressions.
 
-The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources).
+The syntax for each source expression is given in [CSP Source Values](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources). However, only the following subset of those values apply to `form-action`:
+
+- `<host-source>`
+- `<scheme-source>`
+- the keyword value `'self'`.
 
 ## Examples