feat(csp): 🔒 add "base uri" csp security options

src/csp/middleware.ts

@@ -16,6 +16,7 @@ export function useCsp(
         upgradeInsecureRequests: true,
         styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script
         manifestSrc: [`${ctx.url.origin}/manifest.json`],
+        baseUri: ["'none'"],
         imgSrc: [
             ...trustedDomains,
             'data:',