From 98e836fdb3a3c80e7a175d142a268078ba3b69b2 Mon Sep 17 00:00:00 2001 From: kermieisinthehouse Date: Mon, 13 Dec 2021 04:45:02 +0000 Subject: [PATCH] Fix auth in CSP (#2112) --- pkg/api/server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/api/server.go b/pkg/api/server.go index 8ec8333bf..154ffa644 100644 --- a/pkg/api/server.go +++ b/pkg/api/server.go @@ -352,7 +352,7 @@ func SecurityHeadersMiddleware(next http.Handler) http.Handler { } connectableOrigins += "; " - cspDirectives := "default-src data: 'self' 'unsafe-inline';" + connectableOrigins + "script-src 'self' 'unsafe-inline'; child-src 'none'; object-src 'none'; form-action 'none'" + cspDirectives := "default-src data: 'self' 'unsafe-inline';" + connectableOrigins + "script-src 'self' 'unsafe-inline'; child-src 'none'; object-src 'none'; form-action 'self'" w.Header().Set("Referrer-Policy", "same-origin") w.Header().Set("X-Content-Type-Options", "nosniff")