Commit 2f5570f
fix: add form-action and frame-ancestors to CSP header in redirects

default-src does not cover form-action or frame-ancestors directives per
CSP spec, so omitting them allows unrestricted behavior for those vectors.

Closes #1871

parent 74be78a commit 2f5570f
2 files changed
Lines changed: 2 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
200 | 200 | | |
201 | 201 | | |
202 | 202 | | |
203 | | - | |
| 203 | + | |
204 | 204 | | |
205 | 205 | | |
206 | 206 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
510 | 510 | | |
511 | 511 | | |
512 | 512 | | |
513 | | - | |
| 513 | + | |
514 | 514 | | |
515 | 515 | | |
516 | 516 | | |
| |||
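
The commit message's point, that `default-src` is not a fallback for `form-action` or `frame-ancestors`, can be checked mechanically against any response header. The following is an added example, not code from this commit or project: the function names and both sample header values are constructed for illustration, and `base-uri` is included as a generalization because it also has no `default-src` fallback.

```python
# Added example (not from the commit): flag CSP directives that stay
# unrestricted because they do not inherit from default-src.

# Directives with no default-src fallback. form-action and frame-ancestors
# are the two named in the commit message; base-uri is added here as a
# generalization.
NO_FALLBACK = ("form-action", "frame-ancestors", "base-uri")


def parse_csp(header_value):
    """Parse a serialized policy into {directive: [source expressions]}.

    Directive names are case-insensitive, and a directive that appears
    more than once is honoured only the first time.
    """
    policy = {}
    for token in header_value.split(";"):
        parts = token.strip().split()
        if not parts:
            continue  # empty segment, e.g. a trailing ';'
        name = parts[0].lower()
        if name in policy:
            continue  # later duplicates are ignored
        policy[name] = parts[1:]
    return policy


def unrestricted_directives(header_value):
    """Return the no-fallback directives that the policy never sets."""
    policy = parse_csp(header_value)
    return [name for name in NO_FALLBACK if name not in policy]


# Constructed sample values (the page does not show the real header).
BEFORE = "default-src 'none'"
AFTER = "default-src 'none'; form-action 'none'; frame-ancestors 'none'"

if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        print(label, "->", unrestricted_directives(value))
```

Running the same check in a test against every route that emits its own CSP header (redirect responses included) catches a policy that looks locked down by `default-src 'none'` but still leaves form submission targets or framing unrestricted.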