flexmeasures
Switch to Flask-Talisman
For ensuring HTTPS, we are using Flask-SSLify, which is not maintained anymore.
The current recommendation is https://github.com/wntrblm/flask-talisman
It also comes with some other benefits. See also the recommendation to use a CSRF protection library. That can be done in one go or in another ticket.
We should use force_https_permanent, as the status 302 (temp redirect) caused some problems for me recently (redirected POST to GET)
It seems we'd need to find the right content policy for external CDN content, as the default is strict.