From c163154682991138a115879369da29d5b489f139 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Jul 26 2019 11:59:52 +0000
Subject: Fix and improve the default CSP_HEADERS


Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>

---

diff --git a/pagure/default_config.py b/pagure/default_config.py
index aa80f2c..5128ff8 100644
--- a/pagure/default_config.py
+++ b/pagure/default_config.py
@@ -614,8 +614,9 @@ SSH_COMMAND_NON_REPOSPANNER = (
 )
 
 CSP_HEADERS = (
-    "default-src 'self' https:; "
+    "default-src 'self';"
     "script-src 'self' '{nonce_script}'; "
     "style-src 'self' '{nonce_style}'; "
-    "object-src" 'none'"
+    "object-src 'none';"
+    "base-uri 'self';"
 )