feat(csp): 🔒 add "base uri" csp security options
This commit is contained in:
parent
e4fc9d22ae
commit
494c6b3a9f
|
@ -16,6 +16,7 @@ export function useCsp(
|
|||
upgradeInsecureRequests: true,
|
||||
styleSrc: [...trustedDomains, "'unsafe-inline'"], //set nonce to inline script
|
||||
manifestSrc: [`${ctx.url.origin}/manifest.json`],
|
||||
baseUri: ["'none'"],
|
||||
imgSrc: [
|
||||
...trustedDomains,
|
||||
'data:',
|
||||
|
|
Loading…
Reference in a new issue