Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -N -r1.91 -r1.92
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 25 Apr 2018 19:23:26 -0000 1.91
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 2 May 2018 07:19:26 -0000 1.92
@@ -2303,7 +2303,8 @@
 security::csp::require style-src 'self'
 security::csp::require img-src 'self'
 security::csp::require font-src 'self'
-
+ security::csp::require base-uri 'self'
+
 #
 # Some browser (safari, chrome) need "font-src data:", maybe
 # for plugins or diffent font settings. Seems safe enough.
@@ -2346,6 +2347,11 @@ # security::csp::require report-uri /SYSTEM/csp-collector.tcl + # # We do not need object-src # + security::csp::require object-src 'none' + set policy "" foreach directive { child-src
@@ -2363,6 +2369,7 @@
 sandbox
 script-src
 style-src
+ base-uri
 } {
 set var ::__csp__directive($directive)
 if {[info exists $var]} {
Index: openacs-4/packages/acs-templating/tcl/head-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-templating/tcl/head-procs.tcl,v
diff -u -N -r1.35 -r1.36
--- openacs-4/packages/acs-templating/tcl/head-procs.tcl 1 May 2018 09:34:09 -0000 1.35
+++ openacs-4/packages/acs-templating/tcl/head-procs.tcl 2 May 2018 07:19:26 -0000 1.36
@@ -162,6 +162,7 @@
 # browsers by checking the user agent.
 #
 security::csp::require script-src 'unsafe-inline'
+ #security::csp::require script-src 'strict-dynamic'
 lappend ::template::head::scripts(anonymous) $type "" $charset $defer $async $script $order $crossorigin $integrity
 } else {
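Review bot: The new `security::csp::require base-uri 'self'` line carries no comment, while the neighbouring directives in this proc are annotated, so the reason a directive that `default-src` does not cover has to be pinned explicitly is not recorded. A one-line comment above it, `# base-uri is not inherited from default-src; pin it so injected <base> markup cannot retarget relative script, form and link URLs`, would capture the intent. If the site never emits a `<base>` element, `'none'` would be the tighter value, but that needs confirming against the templates before tightening. The enclosing proc starts and ends outside the hunk.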
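Review bot: The comment `# We do not need object-src` says nothing about why `'none'` is the right value or that it only works as an exclusive keyword; if `security::csp::require` merges sources per directive (which the `::__csp__directive($directive)` collection later in this proc suggests, though the merge step is outside the hunk), a package that later requires `object-src 'self'` would yield `object-src 'none' 'self'`, which current browsers resolve by dropping `'none'`, silently reopening plugin content. Replace the comment with something like `# object-src 'none': plugin content (<object>/<embed>/<applet>) can run code outside script-src; 'none' must stay the only source expression, a later require of another source voids it`. If overriding is a supported use case, the merge step should strip `'none'` explicitly or reject the conflicting call rather than leave it to the browser. The enclosing proc starts and ends outside the hunk.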
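Review bot: `base-uri` is appended after `style-src`, which breaks the otherwise alphabetical order of the directive list that opens with `child-src` in the previous hunk; placing it first keeps the list scannable and the emitted header order predictable. The middle of the list lies outside this hunk, so it is worth confirming that `object-src` (now required earlier in this proc) is present there too, because a directive missing from this list is never emitted by the loop below. The foreach body continues past the hunk.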