From b0ed4c8327255ab7883d70c44567bcf7152c2fc3 Mon Sep 17 00:00:00 2001
From: Gabriel Augendre
Date: Sat, 24 Apr 2021 09:19:48 +0200
Subject: [PATCH] Add some more CSP stuff
---
 blog/settings.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/blog/settings.py b/blog/settings.py
index 870c332..5e2d8ef 100644
--- a/blog/settings.py
+++ b/blog/settings.py
@@ -227,3 +227,5 @@ CSP_CONNECT_SRC = ("'self'", https_goatcounter_domain)
 CSP_STYLE_SRC = ("'self'", "'unsafe-inline'")
 CSP_MANIFEST_SRC = ("'self'",)
 CSP_FONT_SRC = ("'self'",)
+CSP_BASE_URI = ("'none'",)
+CSP_FORM_ACTION = ("'self'",)
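Review bot: The two directives added at the end of the CSP block have no comment saying why they are set separately, and the reason is easy to miss: `base-uri` and `form-action` do not fall back to `default-src`, so without these lines they would stay unrestricted whatever the rest of the policy says. I would put a comment above them such as `# base-uri and form-action do not inherit from default-src; set them explicitly`, so nobody later removes them as redundant. `frame-ancestors` is another commonly used directive with no fallback; the CSP settings start above this hunk, so if it is not already set there or covered by X-Frame-Options, consider `CSP_FRAME_ANCESTORS = ("'none'",)`. Note also that `form-action 'self'` blocks any template form that posts to another origin, and `base-uri 'none'` blocks any `<base>` tag, so both are worth checking against the templates before deploying.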