mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
aurweb.asgi: add security headers middleware
This commit introduces a middleware function which adds
the following security headers to each response:
- Content-Security-Policy
- This includes a new `nonce`, which is tied to a user
via authentication middleware. Both an anonymous user
and an authenticated user recieve their own random nonces.
- X-Content-Type-Options
- Referrer-Policy
- X-Frame-Options
They are then tested for existence in test/test_routes.py.
Note: The overcomplicated-looking asyncio behavior in the
middleware function is used to avoid a warning about the old
coroutine awaits being deprecated. See
https://docs.python.org/3/library/asyncio-task.html#asyncio.wait
for more detail.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris
parent
13456fea1e
commit
865c414504
6 changed files with 106 additions and 3 deletions
|
|
@ -1,6 +1,6 @@
|
|||
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
|
||||
<script type="text/javascript" src="/static/js/bootstrap-typeahead.min.js"></script>
|
||||
<script type="text/javascript">
|
||||
<script type="text/javascript" nonce="{{ request.user.nonce }}">
|
||||
$(document).ready(function() {
|
||||
$('#pkgsearch-field').typeahead({
|
||||
source: function(query, callback) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue