Merge pull request #76 from Coreoz/feature/csp

amanteaux · web-flow · commit a472889f927e · 2026-03-06T18:06:40.000+01:00
Set base-uri to none in csp configuration
diff --git a/templates/admin/content-security-policy/csp-configuration.ts b/templates/admin/content-security-policy/csp-configuration.ts
@@ -24,4 +24,5 @@ export const cspRules: CspPolicies<AppEnvironment> = {
   'img-src': '\'self\'',
   'connect-src': '\'self\'',
   'media-src': '\'self\'',
+  'base-uri': '\'none\'',
 };
diff --git a/templates/front/content-security-policy/csp-configuration.ts b/templates/front/content-security-policy/csp-configuration.ts
@@ -21,4 +21,5 @@ export const cspRules: CspPolicies<AppEnvironment> = {
   'img-src': '\'self\'',
   'connect-src': '\'self\'',
   'media-src': '\'self\'',
+  'base-uri': '\'none\'',
 };
