Rearrange CSP policies

Signed-off-by: Tommy <contact@tommytran.io>
2024-06-23 12:53:19 -07:00 · 2024-06-23 12:53:19 -07:00 · 237f6eafc0
parent 178b5ef936
commit 237f6eafc0
1 changed files with 1 additions and 1 deletions
--- a/static/_headers
+++ b/static/_headers
@ -1,6 +1,6 @@
 /*
  Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
-  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
+  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'none'; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests
  X-Content-Type-Options : nosniff
  Referrer-Policy : no-referrer
  X-Frame-Options : DENY