Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.126.2.8 -r1.126.2.9
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl	10 Mar 2019 21:34:33 -0000	1.126.2.8
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl	18 Mar 2019 15:09:43 -0000	1.126.2.9
@@ -2675,6 +2675,9 @@
         # We do not need object-src
         #
         security::csp::require object-src 'none'
+        
+        security::csp::require form-action 'self'
+        security::csp::require frame-ancestors 'none'
 
         set policy ""
         foreach directive {