Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/webtorrent/webtorrent.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib/server.js
diff options
context:
space:
mode:
Diffstat (limited to 'lib/server.js')
-rw-r--r--lib/server.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/server.js b/lib/server.js
index c8a5488..9fb725d 100644
--- a/lib/server.js
+++ b/lib/server.js
@@ -88,7 +88,7 @@ function Server (torrent, opts = {}) {
res.setHeader('X-Content-Type-Options', 'nosniff')
// Defense-in-depth: Set a strict Content Security Policy to mitigate XSS
- res.setHeader('Content-Security-Policy', "base-uri 'none'; default-src 'none'; frame-ancestors 'none'; object-src 'none';")
+ res.setHeader('Content-Security-Policy', "base-uri 'none'; default-src 'none'; frame-ancestors 'none'; form-action 'none';")
if (pathname === '/favicon.ico') {
return serve404Page()
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-09 17:42:10 +0300