csp: fix typo, add base-uri none

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-30 23:14:35 -04:00 · 2024-05-30 23:14:35 -04:00 · b1886583d9
commit b1886583d9
parent f11103b43b
1 changed files with 1 additions and 1 deletions
--- a/src/router/layers.rs
+++ b/src/router/layers.rs
@ -66,7 +66,7 @@ pub(crate) fn build(server: &Arc<Server>) -> io::Result<axum::routing::IntoMakeS
 			header::CONTENT_SECURITY_POLICY,
 			HeaderValue::from_static(
 				"sandbox; default-src 'none'; font-src 'none'; script-src 'none'; plugin-types application/pdf; \
-				 style-src 'unsafe-inline'; object-src 'self'; frame-ancesors 'none';",
+				 style-src 'unsafe-inline'; object-src 'self'; frame-ancestors 'none'; base-uri 'none';",
 			),
 		))
 		.layer(cors_layer(server))