mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
865c414504
This commit introduces a middleware function which adds
the following security headers to each response:
- Content-Security-Policy
- This includes a new `nonce`, which is tied to a user
via authentication middleware. Both an anonymous user
and an authenticated user recieve their own random nonces.
- X-Content-Type-Options
- Referrer-Policy
- X-Frame-Options
They are then tested for existence in test/test_routes.py.
Note: The overcomplicated-looking asyncio behavior in the
middleware function is used to avoid a warning about the old
coroutine awaits being deprecated. See
https://docs.python.org/3/library/asyncio-task.html#asyncio.wait
for more detail.
Signed-off-by: Kevin Morris <kevr@0cost.org>
|
||
|---|---|---|
| .. | ||
| __init__.py | ||
| accepted_term.py | ||
| account_type.py | ||
| api_rate_limit.py | ||
| ban.py | ||
| declarative.py | ||
| dependency_type.py | ||
| group.py | ||
| license.py | ||
| official_provider.py | ||
| package.py | ||
| package_base.py | ||
| package_blacklist.py | ||
| package_comaintainer.py | ||
| package_comment.py | ||
| package_dependency.py | ||
| package_group.py | ||
| package_keyword.py | ||
| package_license.py | ||
| package_notification.py | ||
| package_relation.py | ||
| package_request.py | ||
| package_source.py | ||
| package_vote.py | ||
| relation_type.py | ||
| request_type.py | ||
| session.py | ||
| ssh_pub_key.py | ||
| term.py | ||
| tu_vote.py | ||
| tu_voteinfo.py | ||
| user.py | ||