From 4bcf9566ad0f259f425c28134fa7c183d1bd924d Mon Sep 17 00:00:00 2001
From: Pierre Rudloff
Date: Tue, 20 Oct 2020 00:57:26 +0200
Subject: [PATCH] Improve CSP

---
 classes/CspMiddleware.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/classes/CspMiddleware.php b/classes/CspMiddleware.php
index e80103a..fde3377 100644
--- a/classes/CspMiddleware.php
+++ b/classes/CspMiddleware.php
@@ -39,6 +39,9 @@ class CspMiddleware
 $csp->addDirective('default-src', [])
 ->addDirective('font-src', ['self' => true])
 ->addDirective('style-src', ['self' => true])
+ ->addDirective('form-action', ['self' => true])
+ ->addDirective('base-uri', [])
+ ->addDirective('frame-ancestors', [])
 ->addSource('img-src', '*');
 
 if ($this->config->debug) {
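Review bot: The three added directives carry no comment explaining why they are set alongside `default-src`, and they depend on the builder rendering an empty source list as `'none'`, which this hunk does not show. I would add `// form-action, base-uri and frame-ancestors do not fall back to default-src, so they are set explicitly` above the first added line, and a test asserting that the emitted header contains `base-uri 'none'` and `frame-ancestors 'none'`, so that a silently dropped directive is caught. If any form handler answers with a redirect to another origin, Chromium-based browsers apply `form-action` to the redirect target as well, so that flow is worth exercising with `'self'` in place. Browsers without `frame-ancestors` support get no framing protection from this change unless `X-Frame-Options: DENY` is also sent, which may already happen outside this hunk. The method body starts and ends outside the hunk.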