- π¬π§United Kingdom the_g_bomb
base-uri is already being added in: π The base-uri policy is missing Needs review . The patch there has tests be improved, so may be better to progress that work there and keep this ticket for adding just the form-action and manifest directives.
Not sure if a separate ticket should be created to add the manifest-src directive to keep the focus, alternatively the ticket heading should be updated to indicate that manifest-src is being added as well as the form-actions directive. - last update
11 months ago 34 pass - π¬π§United Kingdom Alina Basarabeanu
A new patch was created to include only changes to the form-action directive.
The base-uri directive is added with issue 3098417.
The script-src-elem is added with issue 3208781.
The manifest-src should be added with a new issue. - πΊπΈUnited States drupals.user
Is there a workaround for this to add the form-action to the CSP so sites are not negatively affected when being evaluated?
https://developer.mozilla.org/en-US/observatory/docs/tests_and_scoring#content-security-policy