Esempio n. 1
    def content_security_policy_report_only(self) -> ContentSecurityPolicy:
        """Return the ``Content-Security-Policy-Report-Only`` header as a policy object.

        A missing header is parsed as the empty string, so a policy object is
        produced whether or not the header is present.

        A Report-Only policy is reported by the browser but not enforced, so
        nothing read or written through this attribute blocks content on its
        own; enforcement comes from the ``Content-Security-Policy`` header.
        """
        def write_back(policy: ContentSecurityPolicy) -> None:
            # Assigning to the attribute is presumably handled by a setter
            # defined elsewhere on the class -- confirm.
            self.content_security_policy_report_only = policy

        raw_header = self.headers.get("Content-Security-Policy-Report-Only", "")
        # NOTE(review): from_header presumably invokes the callback whenever
        # the returned policy is modified -- confirm against its definition.
        return ContentSecurityPolicy.from_header(raw_header, write_back)
Esempio n. 2
    def content_security_policy(self) -> ContentSecurityPolicy:
        """The ``Content-Security-Policy`` header as a
        :class:`~werkzeug.datastructures.ContentSecurityPolicy` object. Available
        even if the header is not set.

        The policy restricts which sources the browser may load content from,
        which helps detect and mitigate attacks such as cross-site scripting
        and data injection.

        Changes to the returned object are written back through a callback:
        a non-empty policy is serialized into the header, and an empty
        policy deletes the header, leaving the response with no enforced
        policy at all.
        """

        def on_update(csp: ContentSecurityPolicy) -> None:
            if csp:
                self.headers["Content-Security-Policy"] = csp.to_header()
                return
            # An emptied policy removes the header instead of sending a blank one.
            del self.headers["content-security-policy"]

        raw_value = self.headers.get("content-security-policy")
        policy = parse_csp_header(raw_value, on_update)
        if policy is not None:
            return policy
        # Fall back to an empty policy that still carries the write-back callback.
        return ContentSecurityPolicy(None, on_update=on_update)
Esempio n. 3
    def content_security_policy_report_only(self) -> ContentSecurityPolicy:
        """The ``Content-Security-Policy-Report-Only`` header as a
        :class:`~werkzeug.datastructures.ContentSecurityPolicy` object. Available
        even if the header is not set.

        A Report-Only policy is not enforced: violations are reported but
        the content is still loaded. It is suited to trialling a policy
        before moving it to ``Content-Security-Policy``, and gives no
        protection by itself.

        Changes to the returned object are written back through a callback:
        a non-empty policy is serialized into the header and an empty policy
        deletes the header.
        """
        def on_update(csp: ContentSecurityPolicy) -> None:
            if csp:
                # The mixed-case spelling is kept as written; HTTP header
                # names are case-insensitive.
                self.headers[
                    "Content-Security-policy-report-only"] = csp.to_header()
                return
            del self.headers["content-security-policy-report-only"]

        raw_value = self.headers.get("content-security-policy-report-only")
        policy = parse_csp_header(raw_value, on_update)
        if policy is not None:
            return policy
        # Fall back to an empty policy that still carries the write-back callback.
        return ContentSecurityPolicy(None, on_update=on_update)
Esempio n. 4
 def content_security_policy_report_only(
         self, value: ContentSecurityPolicy) -> None:
     """Store *value* as the ``Content-Security-Policy-Report-Only`` header.

     The policy is serialized with ``to_header()`` and passed to
     ``_set_or_pop_header``.

     A Report-Only policy is reported by the browser but not enforced, so
     setting it does not replace an enforced ``Content-Security-Policy``.
     """
     # NOTE(review): _set_or_pop_header presumably removes the header when
     # the serialized value is empty -- confirm against its definition.
     serialized_policy = value.to_header()
     self._set_or_pop_header(
         "Content-Security-Policy-Report-Only", serialized_policy)
Esempio n. 5
 def on_update(csp: ContentSecurityPolicy) -> None:
     """Write *csp* back to the report-only header, or delete it when empty.

     ``self`` is not a parameter; it is taken from the enclosing scope,
     which is not shown in this excerpt.
     """
     if csp:
         # The mixed-case spelling is kept as written; HTTP header names
         # are case-insensitive.
         self.headers["Content-Security-policy-report-only"] = csp.to_header()
         return
     # An emptied policy removes the header instead of sending a blank one.
     del self.headers["content-security-policy-report-only"]