Add form-action and base-uri CSPs

author: Alan Pearce 2023-09-09 18:19:29 +0200
committer: Alan Pearce 2023-09-09 18:19:29 +0200
commit: 093ac10f7e5c9bd40e9def573c654069e4cba1a9 (patch)
tree: d7f06d37dcab091104320a28c2a309ac212799a0
parent: 4c9ac0a4636df958309fe7bb17945113a0fa5fb2 (diff)
download: zola-bearblog-093ac10f7e5c9bd40e9def573c654069e4cba1a9.tar.lz
zola-bearblog-093ac10f7e5c9bd40e9def573c654069e4cba1a9.tar.zst
zola-bearblog-093ac10f7e5c9bd40e9def573c654069e4cba1a9.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/netlify.toml b/netlify.toml
index 422ca3b..b75399f 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -22,4 +22,4 @@ command = "zola build --base-url $DEPLOY_PRIME_URL"
     X-XSS-Protection = "1; mode=block"
     Referrer-Policy = "strict-origin-when-cross-origin"
     Strict-Transport-Security = "max-age=63072000; includeSubdomains"
-    Content-Security-Policy = "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'"
+    Content-Security-Policy = "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; form-action 'none'; base-uri 'self'; frame-ancestors 'none'"
author	Alan Pearce	2023-09-09 18:19:29 +0200
committer	Alan Pearce	2023-09-09 18:19:29 +0200
commit	093ac10f7e5c9bd40e9def573c654069e4cba1a9 (patch)
tree	d7f06d37dcab091104320a28c2a309ac212799a0
parent	4c9ac0a4636df958309fe7bb17945113a0fa5fb2 (diff)
download	zola-bearblog-093ac10f7e5c9bd40e9def573c654069e4cba1a9.tar.lz zola-bearblog-093ac10f7e5c9bd40e9def573c654069e4cba1a9.tar.zst zola-bearblog-093ac10f7e5c9bd40e9def573c654069e4cba1a9.zip