D19158.diff
No OneTemporary
Actions

Size

476 B

Referenced Files

None

Subscribers

None

D19158.diff
View Options

	diff --git a/src/aphront/response/AphrontResponse.php b/src/aphront/response/AphrontResponse.php
	--- a/src/aphront/response/AphrontResponse.php
	+++ b/src/aphront/response/AphrontResponse.php
	@@ -154,6 +154,9 @@
	// download URI instead of submitting a form to it.
	$csp[] = "form-action 'self'";

	+ // Block use of "<base>" to change the origin of relative URIs on the page.
	+ $csp[] = "base-uri 'none'";
	+
	$csp = implode('; ', $csp);

	return $csp;