From 10d77cf183a2003c3d46b7e48fcb9747a680c92c Mon Sep 17 00:00:00 2001
From: hiromi-mi <hiromi-mi@cat.zaq.jp>
Date: Sat, 20 Jun 2020 10:19:54 +0900
Subject: [PATCH] csp: do not use java applet, <base>

---
 app.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app.py b/app.py
index 8a7a8c4..769c79e 100644
--- a/app.py
+++ b/app.py
@@ -104,6 +104,8 @@ csp = {
     "script-src": "'self'",  # to use nonce
     "style-src": "'unsafe-inline'",  # for old browsers without support style-src-attr
     "style-src-elem": "'self'",
+    "base-uri": "'none'",
+    "object-src" : "'none'",
 }
 
 talisman = Talisman(