`base-uri` is missing
Opened this issue · 1 comments
xPaw commented
https://www.w3.org/TR/CSP2/#directive-base-uri
I would also suggest adding base-uri 'none';
to the examples because it does not fallback to default-src
.
pfreitag commented
Good suggestion, we'll get that updated.