More template fixes

app/main.py

@@ -128,9 +128,9 @@ class CustomMiddleware:
                 headers["x-xss-protection"] = "1; mode=block"
                 headers["x-frame-options"] = "SAMEORIGIN"
                 # TODO(ts): disallow inline CSS?
-                headers["content-security-policy"] = (
+                headers[
-                    "default-src 'self'" + " style-src 'self' 'unsafe-inline';"
+                    "content-security-policy"
-                )
+                ] = "default-src 'self' style-src 'unsafe-inline';"
                 if not DEBUG:
                     headers[
                         "strict-transport-security"

app/templates/header.html

@@ -18,7 +18,7 @@
 <a href="{{ url_for }}" {% if request.url.path == url_for %}class="active"{% endif %}>{{ text }}</a>
 {% endmacro %}
 
-<div style="margin:30px 0;">
+<div style="margin:30px 0 0 0;">
 <nav class="flexbox">
     <ul>
         <li>{{ header_link("index", "Notes") }}</li>
@@ -27,6 +27,7 @@
         <li>{{ header_link("get_remote_follow", "Remote follow") }}</li>
     </ul>
 </nav>
+</div>
 
 
 </header>

app/templates/utils.html

@@ -272,7 +272,7 @@
             <div><a href="{{ object.url }}"{% if object.is_from_inbox %} rel="nofollow"{% endif %} class="object-permalink u-url u-uid">permalink</a></div>
         </li>
         <li>
-            <time class="dt-published" datetime="{{ object.ap_published_at }}" title="{{ object.ap_published_at.isoformat() }}">{{ object.ap_published_at | timeago }}</time>
+            <time class="dt-published" datetime="{{ object.ap_published_at.replace(microsecond=0).isoformat() }}" title="{{ object.ap_published_at.replace(microsecond=0).isoformat() }}">{{ object.ap_published_at | timeago }}</time>
         </li>
         {% if is_admin %}
             <li>