Python : CSP bad configuration

Classification

Overview

Unsafe Content Security Policy (CSP) settings.

An inappropriately configured Content Security Policy exposes the application to client-side threats such as cross-site scripting, cross-frame scripting, and cross-site request forgery.

Content Security Policy is a security header that allows developers to determine from which domains a site is allowed to load content or initiate connections when it is displayed in a web browser. It provides an additional level of security against critical vulnerabilities such as cross-site scripting, clickjacking, cross-origin access, and so on. However, an incorrectly configured header does not provide this additional level of security. CSPs are defined by fifteen directives, eight of which control access to resources, namely: script-src, img-src, object-src, style-src, font-src, media-src, frame-src, connect-src. Each directive takes a list of sources as its value, defining the domains to which access is allowed for the kind of object covered by that directive. In this case, the value of one of the directives is *, which allows access to all domains.
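The check below is an added example, not DerScanner's or the page's own code: it parses a Content-Security-Policy header and reports which of the eight resource directives end up with a `*` source, showing a weak policy beside a corrected one. The sample headers are constructed, and the example assumes the standard CSP rule that a missing fetch directive inherits `default-src`.

```python
"""Flag wildcard ('*') sources in a Content-Security-Policy header.

Added example (not DerScanner's or the page's own code). Header strings
below are constructed samples. Assumes the standard CSP fallback rule:
a fetch directive that is absent inherits default-src.
"""
# The eight resource directives named in the overview.
RESOURCE_DIRECTIVES = (
    "script-src", "img-src", "object-src", "style-src",
    "font-src", "media-src", "frame-src", "connect-src",
)


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [sources]}; keys are lower-cased."""
    policy: dict[str, list[str]] = {}
    for chunk in header.split(";"):
        parts = chunk.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def wildcard_directives(header: str) -> list[str]:
    """Return the resource directives whose effective source list contains '*'.

    A directive missing from the header inherits default-src (CSP fallback),
    so 'default-src *' with no script-src is reported under script-src too.
    Only an exact '*' source is flagged; host patterns such as
    https://*.example.com are scoped to a domain and are not reported.
    """
    policy = parse_csp(header)
    fallback = policy.get("default-src", [])
    flagged = []
    for directive in RESOURCE_DIRECTIVES:
        sources = policy.get(directive, fallback)
        if "*" in sources:
            flagged.append(directive)
    return flagged


# Constructed sample headers: the weak policy beside a corrected one.
WEAK_CSP = "default-src 'self'; script-src 'self' *; img-src *"
FIXED_CSP = ("default-src 'self'; script-src 'self' https://cdn.example.com; "
             "img-src 'self' https://static.example.com; object-src 'none'")

if __name__ == "__main__":
    for name, hdr in (("weak", WEAK_CSP), ("fixed", FIXED_CSP)):
        print(f"{name}: wildcard in {wildcard_directives(hdr) or 'no directive'}")
```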

DerScanner Severity Score: MEDIUM


See also

Python : Debug mode on

Python : Web3: Deprecated method

Python : Unsafe padding