@app.after_request
def add_security_headers(resp):
    """Set a Content-Security-Policy header on the outgoing response.

    Registered through ``app.after_request``, so it is expected to run for
    the responses ``app`` produces (``app`` is defined outside this block).

    Args:
        resp: The response object handed to the hook; only its ``headers``
            mapping is touched.

    Returns:
        The same response object, with the header set.
    """
    # The policy is assigned unconditionally, so a Content-Security-Policy
    # value set earlier by a view is replaced (assuming resp.headers has
    # the usual mapping semantics -- confirm against the framework in use).
    #
    # NOTE(review): "default-src 'self'" limits fetch directives to the
    # page's own origin and, with no 'unsafe-inline', blocks inline
    # scripts and styles. Directives that do not fall back to default-src
    # (frame-ancestors, form-action, base-uri) are left unrestricted, and
    # despite the function's name no other security header is set here.
    csp_policy = "default-src 'self'"
    resp.headers["Content-Security-Policy"] = csp_policy
    return resp