From 54fa114e6928debe11fcddfcdf525b98342ce7de Mon Sep 17 00:00:00 2001
From: hiromi-mi
Date: Sun, 5 Jul 2020 19:44:23 +0900
Subject: [PATCH] nonce: remove style-src-elem, style-src-attr (too experimental)
---
 app.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/app.py b/app.py
index 651e976..be99773 100644
--- a/app.py
+++ b/app.py
@@ -100,10 +100,8 @@ csrf.init_app(app)
 csp = {
 "default-src": "'self'",
- "style-src-attr": "'unsafe-inline'",
 "script-src": "'self'", # to use nonce
 "style-src": "'unsafe-inline'", # for old browsers without support style-src-attr
- "style-src-elem": "'self'",
 "base-uri": "'none'",
 "object-src" : "'none'",
 }
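Review bot: The only style directive left in `csp` is `"style-src": "'unsafe-inline'"`, so it now governs `<style>` elements and stylesheet loads as well as `style=` attributes, instead of acting as a fallback for older browsers. In browsers that previously enforced `style-src-elem 'self'`, inline `<style>` blocks are now permitted, and because `'self'` is not listed, same-origin stylesheet files would be blocked if the app serves any (not visible in this hunk). If same-origin stylesheets are used, `"style-src": "'self' 'unsafe-inline'",` states the intent; longer term a nonce or hash for inline styles would allow `'unsafe-inline'` to be dropped. The trailing comment `# for old browsers without support style-src-attr` refers to a directive that no longer exists and should instead say why `'unsafe-inline'` is kept.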