diff options
author | Micah Lee <micah@micahflee.com> | 2021-04-29 01:24:04 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-29 01:24:04 +0000 |
commit | 650bf9312852bd75dbef594ed31fc410829b333d (patch) | |
tree | a810b7a59ba7d5f91d42bb2aee228bb7c22b347d | |
parent | 059a4425bd655337b04c6835424c7ae84425f8b6 (diff) | |
parent | 330e6026940a7de78d6ac6165fb56d20516a996f (diff) | |
download | onionshare-650bf9312852bd75dbef594ed31fc410829b333d.tar.gz onionshare-650bf9312852bd75dbef594ed31fc410829b333d.zip |
Merge pull request #1337 from mig5/update_csp
Update the Content-Security-Policy
-rw-r--r-- | cli/onionshare_cli/web/web.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cli/onionshare_cli/web/web.py b/cli/onionshare_cli/web/web.py index ab47195c..7c2e4256 100644 --- a/cli/onionshare_cli/web/web.py +++ b/cli/onionshare_cli/web/web.py @@ -310,7 +310,7 @@ class Web: if not self.settings.get("website", "disable_csp") or self.mode != "website": r.headers.set( "Content-Security-Policy", - "default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self' data:;", + "default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; img-src 'self' data:;", ) return r |