As a second barrier against XSS, we should addding a CSP directive (self, unsafe-eval) when moving to Flask.
We need to consider that you can fetch request content from the same URL, so we must either separate that (other port) or add another form of authentication (might ref #42)
As a second barrier against XSS, we should addding a CSP directive (self, unsafe-eval) when moving to Flask. We need to consider that you can fetch request content from the same URL, so we must either separate that (other port) or add another form of authentication (might ref #42)