diff --git a/src/csp/middleware.ts b/src/csp/middleware.ts
index 305d6ac..e5d39ee 100644
--- a/src/csp/middleware.ts
+++ b/src/csp/middleware.ts
@@ -16,6 +16,7 @@ export function useCsp(
 upgradeInsecureRequests: true,
 styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script
 manifestSrc: [`${ctx.url.origin}/manifest.json`],
+ baseUri: ["'none'"],
 imgSrc: [
 ...trustedDomains,
 'data:',
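Review bot: The added `baseUri: ["'none'"]` line carries no comment saying why it is needed, and because `base-uri` does not fall back to `default-src`, a later cleanup could drop it as redundant. I would put `// base-uri has no default-src fallback; 'none' keeps an injected base tag from re-pointing relative URLs` directly above it. `'none'` also rejects any legitimate base element the served pages emit, which this hunk does not show; if one exists, the value would need to be `'self'`. The options object and `useCsp` both start and end outside the hunk, so it is worth checking there whether `form-action` and `frame-ancestors`, the other directives with no `default-src` fallback, are set as well.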