From 494c6b3a9f85575c300895016aa6ac1b55800ccd Mon Sep 17 00:00:00 2001
From: Julien Oculi
Date: Tue, 9 Jul 2024 14:02:23 +0200
Subject: [PATCH] feat(csp): :lock: add "base uri" csp security options
---
 src/csp/middleware.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/csp/middleware.ts b/src/csp/middleware.ts
index 305d6ac..e5d39ee 100644
--- a/src/csp/middleware.ts
+++ b/src/csp/middleware.ts
@@ -16,6 +16,7 @@ export function useCsp(
 upgradeInsecureRequests: true,
 styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script
 manifestSrc: [`${ctx.url.origin}/manifest.json`],
+ baseUri: ["'none'"],
 imgSrc: [
 ...trustedDomains,
 'data:',
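Review bot: The added `baseUri: ["'none'"]` entry has no comment saying why it is needed, and the reason is not obvious from the neighbouring directives: `base-uri` does not fall back to `default-src`, so it has to be set explicitly to stop an injected `<base>` element from re-pointing relative URLs. I would add `// base-uri has no default-src fallback; 'none' forbids any <base> element` above the line. Note that `'none'` also breaks any page that legitimately uses `<base href>`; if one exists, `["'self'"]` is the less disruptive value. `form-action` and `frame-ancestors` have the same no-fallback behaviour, and whether they are set cannot be checked here because the `useCsp` options object starts and ends outside the hunk.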