csp: do not use java applet, <base>

2020-06-20 10:19:54 +09:00 · 2020-06-20 10:19:54 +09:00 · 10d77cf183
commit 10d77cf183
parent f0929c6bab
1 changed files with 2 additions and 0 deletions
--- a/app.py
+++ b/app.py
@ -104,6 +104,8 @@ csp = {
    "script-src": "'self'",  # to use nonce
    "style-src": "'unsafe-inline'",  # for old browsers without support style-src-attr
    "style-src-elem": "'self'",
+    "base-uri": "'none'",
+    "object-src" : "'none'",
 }

 talisman = Talisman(