From ea3f62b4f6ddad5f76329d4e72bb18ab2683b724 Mon Sep 17 00:00:00 2001
From: hiromi-mi <hiromi-mi@cat.zaq.jp>
Date: Sun, 5 Jul 2020 19:48:30 +0900
Subject: [PATCH] csp: load pure.css

---
 app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.py b/app.py
index be99773..ae84a5f 100644
--- a/app.py
+++ b/app.py
@@ -101,7 +101,7 @@ csrf.init_app(app)
 csp = {
     "default-src": "'self'",
     "script-src": "'self'",  # to use nonce
-    "style-src": "'unsafe-inline'",  # for old browsers without support style-src-attr
+    "style-src": ["'self'", "'unsafe-inline'"],
     "base-uri": "'none'",
     "object-src" : "'none'",
 }