nonce: remove style-src-elem, style-src-attr (too experimental)
parent
d865d6ede9
commit
54fa114e69
1 changed files with 0 additions and 2 deletions
2
app.py
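--- a/app.py
+++ b/app.py
@@ -100,10 +100,8 @@ csrf.init_app(app)
 
 csp = {
 "default-src": "'self'",
-"style-src-attr": "'unsafe-inline'",
 "script-src": "'self'", # to use nonce
 "style-src": "'unsafe-inline'", # for old browsers without support style-src-attr
-"style-src-elem": "'self'",
 "base-uri": "'none'",
 "object-src" : "'none'",
 }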
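Review bot: The surviving `"style-src": "'unsafe-inline'"` entry now governs both style elements and `style=` attributes in every browser, and its comment `# for old browsers without support style-src-attr` no longer matches anything in the policy. With `style-src-elem` removed, inline `<style>` blocks are allowed wherever this policy applies, which widens the room for CSS injection compared with the previous `'self'`-only element rule. Because the value does not list `'self'`, same-origin stylesheet files would be refused if the app links any; that cannot be confirmed from this hunk. Consider `"style-src": "'self' 'unsafe-inline'",  # single fallback directive; -elem/-attr dropped as too experimental`, or a comment stating why `'self'` is not needed. The `csp` dict is complete in the hunk, but the code that hands it to the CSP middleware is outside it.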