EPBR-7598 Add csp option form action and frame ancestors

communitiesuk · Dec 9, 2024 · cad4575 · cad4575
1 parent a441a55
commit cad4575
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/config.ru b/config.ru
@@ -68,7 +68,9 @@ csp_options = {
   style_src: "'nonce-#{ENV['SCRIPT_NONCE']}' 'self'",
   img_src: "'self' data:",
   report_uri: Sentry.csp_report_uri,
-  report_ratio: 0.01
+  report_ratio: 0.01,
+  frame_ancestors: 'none',
+  form_action: "'self'"
 }.delete_if { |_, value| value.nil? || value=='' }
 
 use Middleware::ContentSecurityPolicy, **Helper::GoogleCsp.add_options_for_google_analytics(csp_options)