Flask-Tailsman

[fras2560]

One security library is Flask-Tailsman. It seems to enforce good security enforcement. However, it seems the current structure of the app would need to be adjust to make it work.

This ticket should aim to use Flask-Tailsman to help improve security of the app.

[fras2560]

So it seems this library works but just not with CSP enabled.

[fras2560]

https://github.com/Major-League-Summer-Baseball/mlsb-platform/pull/206

This PR introduces a weak policy that could be used moving forward.

However, for a good policy probably want to:

• Move all in-line scripts to files
• Remove all in-line styles
• Update readme to explain impact of CSP and what should not be used for development
• Add readme steps for testing locally https

Going to work through replacing the admin before focusing on this. Admin and documentation have alot of inline style and scripts so replacing them will make things easier.