mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
aurweb.asgi: add security headers middleware
This commit introduces a middleware function which adds
the following security headers to each response:
- Content-Security-Policy
- This includes a new `nonce`, which is tied to a user
via authentication middleware. Both an anonymous user
and an authenticated user recieve their own random nonces.
- X-Content-Type-Options
- Referrer-Policy
- X-Frame-Options
They are then tested for existence in test/test_routes.py.
Note: The overcomplicated-looking asyncio behavior in the
middleware function is used to avoid a warning about the old
coroutine awaits being deprecated. See
https://docs.python.org/3/library/asyncio-task.html#asyncio.wait
for more detail.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris
parent
13456fea1e
commit
865c414504
6 changed files with 106 additions and 3 deletions
|
|
@ -37,6 +37,7 @@ class User(Base):
|
|||
|
||||
# High-level variables used to track authentication (not in DB).
|
||||
authenticated = False
|
||||
nonce = None
|
||||
|
||||
def __init__(self, Passwd: str = str(), **kwargs):
|
||||
super().__init__(**kwargs)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue