Add form-action: 'self' to CSP for defense in depth

This commit is contained in:
Scott Nonnenberg 2018-05-15 17:21:56 -07:00
parent 9e0f387e80
commit 32e2c6dcb5

View file

@ -11,6 +11,7 @@
child-src 'self';
connect-src 'self' https: wss:;
font-src 'self';
form-action 'self';
frame-src 'none';
img-src 'self' blob: data:;
media-src 'self' blob:;