
recommend setting base-uri to 'none' (ideally), 'self' or at least a specific domain (rarely needed) in Content Security Policy #525

@thestinger


This controls the base URI set by the <base> feature. As far as I know, that's rarely used or at least is contained within the same origin. Nearly every site should be able to set this to none to get rid of the attack surface.


Labels

content, enhancement

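An added example, not part of the issue or of the project's code, of the check the title asks for: it grades a policy's `base-uri` directive as `none`, `self`, a specific host, broad, or missing. The function names and tier labels are assumptions, and the sample headers are constructed.

```python
# Added example; function names and tier labels are hypothetical.

def parse_csp(header):
    """Parse a CSP header value into {directive-name: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # Names are case-insensitive; a repeated directive is ignored,
            # so the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def is_broad(source):
    """True for sources that allow any host: '*', 'https:', 'https://*'."""
    host = source.split("://")[-1].split("/")[0].split(":")[0]
    return source.endswith(":") or host == "*"


def grade_base_uri(header):
    """Return the tier of the base-uri directive in a CSP header value."""
    policy = parse_csp(header)
    if "base-uri" not in policy:
        # base-uri has no default-src fallback: absent means unrestricted.
        return "missing"
    # 'none' never matches a URL; next to other sources it is ignored.
    sources = [s.lower() for s in policy["base-uri"] if s.lower() != "'none'"]
    if not sources:
        return "none"
    if any(is_broad(s) for s in sources):
        return "broad"
    if sources == ["'self'"]:
        return "self"
    return "host"


# Constructed sample headers, not taken from any real site.
SAMPLES = [
    "default-src 'none'; script-src 'self'",
    "default-src 'self'; base-uri 'none'",
    "base-uri 'self'",
    "base-uri https://cdn.example.com",
    "base-uri 'self' https:",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{grade_base_uri(header):8} {header}")
```

The first sample shows the case the issue targets: a strict `default-src 'none'` still leaves `<base>` unrestricted because `base-uri` is not covered by the fallback.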