
github.com/webtorrent/webtorrent.git - Unnamed repository; edit this file 'description' to name the repository.
authorFeross Aboukhadijeh <feross@feross.org>2019-08-27 23:50:19 +0300
committerFeross Aboukhadijeh <feross@feross.org>2019-08-27 23:50:19 +0300
commit9029557ca3d22faef67315f8ed33df295ce6d59e (patch)
treeb2445afdb02d50fe92a723ddf8769077296aff02 /lib/server.js
parentcdf1159cc0227b1f85c4a52263cbd33bc4ed5242 (diff)
Address @diracdeltas feedback on #1714
Diffstat (limited to 'lib/server.js')
-rw-r--r--lib/server.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/server.js b/lib/server.js
index c8a5488..9fb725d 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -88,7 +88,7 @@ function Server (torrent, opts = {}) {
res.setHeader('X-Content-Type-Options', 'nosniff')
// Defense-in-depth: Set a strict Content Security Policy to mitigate XSS
- res.setHeader('Content-Security-Policy', "base-uri 'none'; default-src 'none'; frame-ancestors 'none'; object-src 'none';")
+ res.setHeader('Content-Security-Policy', "base-uri 'none'; default-src 'none'; frame-ancestors 'none'; form-action 'none';")
if (pathname === '/favicon.ico') {
return serve404Page()
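Review bot: The comment above the Content-Security-Policy header does not explain why `base-uri`, `frame-ancestors` and `form-action` are spelled out next to `default-src 'none'`, so a later edit could drop one of them as apparently redundant. Those three directives have no `default-src` fallback, whereas `object-src` does, which is why removing it in this change loses no protection. I would extend the comment to something like `// base-uri, frame-ancestors and form-action do not fall back to default-src, so list them explicitly; object-src is covered by default-src 'none'`. The enclosing Server function starts and ends outside the hunk, so whether every response path passes through this setHeader call cannot be confirmed from the visible lines.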