Add form-action: 'self' to CSP for defense in depth

2018-05-15 17:21:56 -07:00
parent 9e0f387e80
commit 32e2c6dcb5
1 changed files with 1 additions and 0 deletions
--- a/background.html
+++ b/background.html
@@ -11,6 +11,7 @@
            child-src 'self';
            connect-src 'self' https: wss:;
            font-src 'self';
+            form-action 'self';
            frame-src 'none';
            img-src 'self' blob: data:;
            media-src 'self' blob:;