vbatts/microblog.pub
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nonce: remove style-src-elem, style-src-attr (too experimental)

Browse source
This commit is contained in:
hiromi-mi 2020-07-05 19:44:23 +09:00
parent d865d6ede9
commit 54fa114e69
1 changed files with 0 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app.py
View file

@ -100,10 +100,8 @@ csrf.init_app(app)
csp = {
"default-src": "'self'",
"style-src-attr": "'unsafe-inline'",
"script-src": "'self'", # to use nonce
"style-src": "'unsafe-inline'", # for old browsers without support style-src-attr
"style-src-elem": "'self'",
"base-uri": "'none'",
"object-src" : "'none'",
}