Jannis Leidel 712fc63f93 Use flask-talisman for handling backend response headers (#3404) ...

* Normalize Flask initialization API use.

* Use Flask-Talisman.

* Enable HSTS when HTTPS is enforced.

* More details about how CSP is formatted and write CSP directives as a string.

* Use CSP frame-ancestors directive and not X-Frame-Options for embedable endpoints.

* Add link to flask-talisman docs.

* set remember_token cookie to be HTTP-Only and Secure

* Reorganize secret key configuration to be forward thinking and backward compatible.

2019-03-27 17:24:15 +02:00

782 B

Raw Permalink Blame History

View Raw