def transformIterable(self, result, encoding):
    # Decide whether the automatic CSRF transform runs for this response.
    # Every early exit returns None; only the last line calls
    # self.transform(result, encoding).
    #
    # NOTE(review): no CSRF verification call is visible in this variant, and
    # the confirm-view branch returns without aborting or transforming.
    # Confirm against the rest of the class that this is intended.

    # Global switch: when set, no automatic protection is applied at all.
    if CSRF_DISABLED:
        return None

    # Automatic protection covers authenticated users only.
    current_user = getSecurityManager().getUser()
    if isAnonymousUser(current_user):
        return None

    # The confirmation view itself is left untouched.
    published = self.request.get('PUBLISHED')
    if IConfirmView.providedBy(published):
        return None

    # A resource that is not connected to a ZODB object has no context.
    ctx = self.getContext()
    if not ctx:
        return None

    portal_url = getToolByName(ctx, 'portal_url', None)
    if portal_url:
        self.site = portal_url.getPortalObject()

    # Prefer the registered key manager; otherwise use the one at the root.
    try:
        self.key_manager = getUtility(IKeyManager)
    except ComponentLookupError:
        self.key_manager = getRootKeyManager(getRoot(ctx))

    # With neither a site object nor a key manager, skip the transform.
    site_or_keys_available = (
        self.site is not None or self.key_manager is not None
    )
    if not site_or_keys_available:
        return None

    return self.transform(result, encoding)
def transformIterable(self, result, encoding):
    """Set the clickjacking header, then run the CSRF transform if needed.

    The X-Frame-Options header is written first, before any early exit.
    It therefore also goes out when CSRF protection is disabled and for
    anonymous users. Every path that skips the transform returns None.

    ``encoding`` is accepted but not passed to ``self.transform`` here.
    """
    # Unconditional: this replaces any X-Frame-Options value that was
    # already set on the response.
    response = self.request.response
    response.setHeader('X-Frame-Options', X_FRAME_OPTIONS)

    # Global switch: no automatic CSRF handling at all.
    if CSRF_DISABLED:
        return None

    # Automatic protection covers authenticated users only.
    current_user = getSecurityManager().getUser()
    if isAnonymousUser(current_user):
        return None

    # Confirmation view: abort the transaction, then transform the
    # confirmation page without running the check a second time.
    published = self.request.get('PUBLISHED')
    if IConfirmView.providedBy(published):
        transaction.abort()
        return self.transform(result)

    # A resource that is not connected to a ZODB object has no context.
    if not self.getContext():
        return None

    # A falsy check() means the request is being redirected, per the
    # original comment, so there is no document to transform.
    if self.check():
        return self.transform(result)
    return None
def transformIterable(self, result, encoding):
    """Set the clickjacking header if absent, then transform if needed.

    The header step runs before every early exit, so it also applies
    when CSRF protection is disabled and for anonymous users. Every path
    that skips the transform returns None.
    """
    # Set the header only when a policy is configured and nothing earlier
    # in the request has already set one on the response.
    if X_FRAME_OPTIONS:
        response = self.request.response
        if not response.getHeader('X-Frame-Options'):
            response.setHeader('X-Frame-Options', X_FRAME_OPTIONS)

    # Global switch: no automatic CSRF handling at all.
    if CSRF_DISABLED:
        return None

    # Automatic protection covers authenticated users only.
    current_user = getSecurityManager().getUser()
    if isAnonymousUser(current_user):
        return None

    # Confirmation view: abort the transaction, then transform the
    # confirmation page without running the check a second time.
    published = self.request.get('PUBLISHED')
    if IConfirmView.providedBy(published):
        transaction.abort()
        return self.transform(result, encoding)

    # A resource that is not connected to a ZODB object has no context.
    ctx = self.getContext()
    if not ctx:
        return None

    # Find the site through portal_url. On TypeError, use getSite().
    # NOTE(review): what raises the TypeError is not visible here.
    try:
        portal_url = getToolByName(ctx, 'portal_url', None)
        if portal_url:
            self.site = portal_url.getPortalObject()
    except TypeError:
        self.site = getSite()

    # Prefer the registered key manager; otherwise use the one at the root.
    try:
        self.key_manager = getUtility(IKeyManager)
    except ComponentLookupError:
        self.key_manager = getRootKeyManager(getRoot(ctx))

    # With neither a site object nor a key manager, skip the transform.
    if self.site is None and self.key_manager is None:
        return None

    # A falsy check() means the request is being redirected, per the
    # original comment, so there is no document to transform.
    return self.transform(result, encoding) if self.check() else None
def transformIterable(self, result, encoding):
    """Add X-Frame-Options when missing, then apply the CSRF transform.

    Order matters. The clickjacking header is handled first. After that
    the method returns None as soon as it finds that no automatic CSRF
    handling applies. The result of ``self.transform`` is returned only
    for a confirmation view or after ``self.check()`` succeeds.
    """
    header_name = 'X-Frame-Options'
    if X_FRAME_OPTIONS:
        http_response = self.request.response
        # Keep any header value a view has already set.
        if not http_response.getHeader(header_name):
            http_response.setHeader(header_name, X_FRAME_OPTIONS)

    # Skip when protection is switched off globally or the user is
    # anonymous. Only authenticated users get automatic protection.
    if CSRF_DISABLED or isAnonymousUser(getSecurityManager().getUser()):
        return None

    # Confirmation view: abort the transaction, then transform the
    # confirmation page without checking again.
    if IConfirmView.providedBy(self.request.get('PUBLISHED')):
        transaction.abort()
        return self.transform(result, encoding)

    # No context means a resource that is not backed by a ZODB object.
    zodb_context = self.getContext()
    if not zodb_context:
        return None

    # NOTE(review): the TypeError fallback to getSite() is kept as-is.
    # Its trigger is not visible in this method.
    try:
        url_tool = getToolByName(zodb_context, 'portal_url', None)
        if url_tool:
            self.site = url_tool.getPortalObject()
    except TypeError:
        self.site = getSite()

    # Use the registered key manager, or the one at the root if none is
    # registered.
    try:
        self.key_manager = getUtility(IKeyManager)
    except ComponentLookupError:
        zodb_root = getRoot(zodb_context)
        self.key_manager = getRootKeyManager(zodb_root)

    # No site object and no key manager: skip the transform.
    nothing_available = self.site is None and self.key_manager is None
    if nothing_available:
        return None

    # A falsy check() means a redirect is underway, per the original
    # comment, so the document is left as it is.
    if not self.check():
        return None

    return self.transform(result, encoding)