Diffstat (limited to 'lib/server.js')
-rw-r--r-- | lib/server.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/server.js b/lib/server.js
index c8a5488..9fb725d 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -88,7 +88,7 @@ function Server (torrent, opts = {}) {
     res.setHeader('X-Content-Type-Options', 'nosniff')
     // Defense-in-depth: Set a strict Content Security Policy to mitigate XSS
-    res.setHeader('Content-Security-Policy', "base-uri 'none'; default-src 'none'; frame-ancestors 'none'; object-src 'none';")
+    res.setHeader('Content-Security-Policy', "base-uri 'none'; default-src 'none'; frame-ancestors 'none'; form-action 'none';")
     if (pathname === '/favicon.ico') {
       return serve404Page() |
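Review bot: The comment above the Content-Security-Policy line still says only "mitigate XSS", so nothing records why `object-src 'none'` could be dropped and `form-action 'none'` added: object-src (like script-src, img-src and the other fetch directives) falls back to `default-src 'none'`, whereas base-uri, frame-ancestors and form-action do not inherit from default-src and must be listed explicitly. A reader who does not know this is likely to either re-add object-src as redundant noise or, worse, trim frame-ancestors on the same reasoning. Suggest extending the comment to `// Only directives that do NOT fall back to default-src are listed explicitly (base-uri, frame-ancestors, form-action); every fetch directive is already covered by default-src 'none'`. Because the response body is torrent content the server does not control, a `sandbox` directive would be a further hardening step worth considering, though whether every response path sets this header cannot be confirmed from the hunk. The enclosing Server function starts and ends outside this hunk.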