Merge pull request #1337 from mig5/update_csp

Update the Content-Security-Policy
author: Micah Lee <micah@micahflee.com> 2021-04-29 01:24:04 +0000
committer: GitHub <noreply@github.com> 2021-04-29 01:24:04 +0000
commit: 650bf9312852bd75dbef594ed31fc410829b333d (patch)
tree: a810b7a59ba7d5f91d42bb2aee228bb7c22b347d
parent: 059a4425bd655337b04c6835424c7ae84425f8b6 (diff)
parent: 330e6026940a7de78d6ac6165fb56d20516a996f (diff)
download: onionshare-650bf9312852bd75dbef594ed31fc410829b333d.tar.gz
onionshare-650bf9312852bd75dbef594ed31fc410829b333d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/cli/onionshare_cli/web/web.py b/cli/onionshare_cli/web/web.py
index ab47195c..7c2e4256 100644
--- a/cli/onionshare_cli/web/web.py
+++ b/cli/onionshare_cli/web/web.py
@@ -310,7 +310,7 @@ class Web:
         if not self.settings.get("website", "disable_csp") or self.mode != "website":
             r.headers.set(
                 "Content-Security-Policy",
-                "default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self' data:;",
+                "default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; img-src 'self' data:;",
             )
         return r
author	Micah Lee <micah@micahflee.com>	2021-04-29 01:24:04 +0000
committer	GitHub <noreply@github.com>	2021-04-29 01:24:04 +0000
commit	650bf9312852bd75dbef594ed31fc410829b333d (patch)
tree	a810b7a59ba7d5f91d42bb2aee228bb7c22b347d
parent	059a4425bd655337b04c6835424c7ae84425f8b6 (diff)
parent	330e6026940a7de78d6ac6165fb56d20516a996f (diff)
download	onionshare-650bf9312852bd75dbef594ed31fc410829b333d.tar.gz onionshare-650bf9312852bd75dbef594ed31fc410829b333d.zip