def render_template(
        self, filepath, iframe_restriction='DENY',
        redirect_url_on_logout=None):
    """Renders a Jinja2 template into the response with hardened headers.

    Fills the handler's template values with site-wide globals, login/logout
    links and a CSRF token, marks the response as non-cacheable, sets the
    transport/content security headers, and writes the rendered HTML.

    Args:
        filepath: str. The template filepath.
        iframe_restriction: str or None. Value for the X-Frame-Options
            header. Accepted values are:
                DENY: the page may not be loaded in any frame.
                SAMEORIGIN: the page may only be framed by a page on the
                    same origin.
            If None, this method does not set X-Frame-Options at all.
        redirect_url_on_logout: str or None. URL to redirect to on logout.
            Falls back to the current request URI when None.

    Raises:
        Exception. iframe_restriction is neither None, 'DENY' nor
            'SAMEORIGIN'.
    """
    # This is the handler's own dict, not a copy made here, so every key
    # added below also lands on self.values.
    values = self.values
    request_uri = self.request.uri
    url_parts = urlparse.urlsplit(request_uri)

    # Both URLs are rebuilt from the incoming request URI, so they reflect
    # whatever scheme/host the request carried.
    # NOTE(review): confirm the serving layer pins the allowed hosts before
    # templates rely on DOMAIN_URL / FULL_URL for absolute links.
    domain_url = '%s://%s' % (url_parts.scheme, url_parts.netloc)
    # The path component starts with a forward slash.
    full_url = '%s://%s%s' % (
        url_parts.scheme, url_parts.netloc, url_parts.path)

    page_globals = {
        'ASSET_DIR_PREFIX': utils.get_asset_dir_prefix(),
        # Markup() tells Jinja2 the string is already safe HTML, so it is
        # emitted without autoescaping.
        # NOTE(review): confirm only trusted admins can write this hook.
        'BEFORE_END_HEAD_TAG_HOOK': jinja2.utils.Markup(
            BEFORE_END_HEAD_TAG_HOOK.value),
        'DEV_MODE': feconf.DEV_MODE,
        'MINIFICATION': feconf.IS_MINIFIED,
        'DOMAIN_URL': domain_url,
        'ACTIVITY_STATUS_PRIVATE': rights_manager.ACTIVITY_STATUS_PRIVATE,
        'ACTIVITY_STATUS_PUBLIC': rights_manager.ACTIVITY_STATUS_PUBLIC,
        'GCS_RESOURCE_BUCKET_NAME': (
            app_identity_services.get_gcs_resource_bucket_name()),
        'FULL_URL': full_url,
        'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
        'RTE_COMPONENT_SPECS': (
            rte_component_registry.Registry.get_all_specs()),
        'SITE_FEEDBACK_FORM_URL': feconf.SITE_FEEDBACK_FORM_URL,
        'SITE_NAME': feconf.SITE_NAME,
        'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
        'TEMPLATE_DIR_PREFIX': utils.get_template_dir_prefix(),
        # UI hint only: it tells the template what to show.
        'can_create_collections': bool(
            self.role == feconf.ROLE_ID_COLLECTION_EDITOR),
        'username': self.username,
        'user_is_logged_in': user_services.has_fully_registered(
            self.user_id),
        'preferred_site_language_code': self.preferred_site_language_code,
        'allow_yaml_file_upload': feconf.ALLOW_YAML_FILE_UPLOAD,
    }
    values.update(page_globals)

    # The promo bar config is only consulted when the feature flag is on.
    if feconf.ENABLE_PROMO_BAR:
        promo_bar = {
            'promo_bar_enabled': config_domain.PROMO_BAR_ENABLED.value,
            'promo_bar_message': config_domain.PROMO_BAR_MESSAGE.value,
        }
    else:
        promo_bar = {
            'promo_bar_enabled': False,
            'promo_bar_message': '',
        }
    values.update(promo_bar)

    # Defaults for handlers that did not supply their own meta tags.
    if 'meta_name' not in values:
        values['meta_name'] = 'Personalized Online Learning from Oppia'
    if 'meta_description' not in values:
        values['meta_description'] = (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!')

    # The frontend GLOBALS object reads nav_mode, but not every backend
    # handler declares one; make sure the key exists on every page.
    if 'nav_mode' not in values:
        values['nav_mode'] = ''

    if redirect_url_on_logout is None:
        redirect_url_on_logout = request_uri

    if self.user_id:
        values['login_url'] = None
        # NOTE(review): redirect_url_on_logout is forwarded as given;
        # confirm create_logout_url only accepts same-site targets.
        values['logout_url'] = current_user_services.create_logout_url(
            redirect_url_on_logout)
    else:
        # Logging in from the splash page lands on the site root; any
        # other page sends the user back to where they were.
        if request_uri.endswith(feconf.SPLASH_URL):
            target_url = '/'
        else:
            target_url = request_uri
        values['login_url'] = current_user_services.create_login_url(
            target_url)
        values['logout_url'] = None

    # Mint a fresh CSRF token for the HTML response. This assumes the
    # token is later sent back to a handler with the same page name.
    # Handlers that do not require the payload check get an empty token.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id)

    # The page embeds per-user data (username, CSRF token), so it is
    # marked as non-cacheable.
    cache_control = self.response.cache_control
    cache_control.no_cache = True
    cache_control.must_revalidate = True

    response_headers = self.response.headers
    # HSTS for one year (31536000 seconds), subdomains included.
    response_headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    # Stop browsers from MIME-sniffing the response body.
    response_headers['X-Content-Type-Options'] = 'nosniff'

    # Clickjacking protection: only the two known values ever reach the
    # header. Note the check runs after the values and headers above have
    # already been modified.
    if iframe_restriction is not None:
        if iframe_restriction not in ['SAMEORIGIN', 'DENY']:
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)
        response_headers['X-Frame-Options'] = iframe_restriction

    # Legacy no-cache signals: an Expires date in the past plus Pragma.
    self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    self.response.pragma = 'no-cache'

    template = self.jinja2_env.get_template(filepath)
    self.response.write(template.render(**values))
def render_template(
        self, filename, iframe_restriction='DENY',
        redirect_url_on_logout=None):
    """Renders the given template into the response.

    Adds site-wide template globals, promo bar settings, login/logout links
    and a CSRF token to the handler's values, then sets cache and security
    headers and writes the rendered HTML.

    Args:
        filename: str. The template to load from self.jinja2_env.
        iframe_restriction: str or None. 'DENY' or 'SAMEORIGIN', written
            to the X-Frame-Options header. If None, the header is not set
            by this method.
        redirect_url_on_logout: str or None. URL to redirect to on logout.
            The current request URI is used when None.

    Raises:
        Exception. iframe_restriction is not None, 'DENY' or 'SAMEORIGIN'.
    """
    # Same object as self.values, so the keys added here persist on the
    # handler.
    values = self.values
    split_uri = urlparse.urlsplit(self.request.uri)
    scheme = split_uri.scheme
    netloc = split_uri.netloc
    path = split_uri.path

    site_context = {
        'ALL_CATEGORIES': feconf.ALL_CATEGORIES,
        'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
        'ASSET_DIR_PREFIX': utils.get_asset_dir_prefix(),
        # Wrapped in Markup, so Jinja2 outputs it without autoescaping.
        # NOTE(review): verify write access to this hook is admin-only.
        'BEFORE_END_HEAD_TAG_HOOK': jinja2.utils.Markup(
            BEFORE_END_HEAD_TAG_HOOK.value),
        'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
        'CATEGORIES_TO_COLORS': feconf.CATEGORIES_TO_COLORS,
        # The first configured language is treated as the default.
        'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
        'DEFAULT_CATEGORY_ICON': feconf.DEFAULT_THUMBNAIL_ICON,
        'DEFAULT_COLOR': feconf.DEFAULT_COLOR,
        'DEV_MODE': feconf.DEV_MODE,
        'MINIFICATION': feconf.IS_MINIFIED,
        # Scheme and host are taken from the request URI.
        # NOTE(review): confirm the host cannot be chosen by the client
        # before using DOMAIN_URL / FULL_URL in absolute links.
        'DOMAIN_URL': '%s://%s' % (scheme, netloc),
        'ACTIVITY_STATUS_PRIVATE': rights_manager.ACTIVITY_STATUS_PRIVATE,
        'ACTIVITY_STATUS_PUBLIC': rights_manager.ACTIVITY_STATUS_PUBLIC,
        'ACTIVITY_STATUS_PUBLICIZED': (
            rights_manager.ACTIVITY_STATUS_PUBLICIZED),
        # 'path' already begins with a forward slash.
        'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
        'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
        'RTE_COMPONENT_SPECS': (
            rte_component_registry.Registry.get_all_specs()),
        'SITE_FEEDBACK_FORM_URL': feconf.SITE_FEEDBACK_FORM_URL,
        'SITE_NAME': feconf.SITE_NAME,
        'SUPPORTED_SITE_LANGUAGES': feconf.SUPPORTED_SITE_LANGUAGES,
        'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
        'TEMPLATE_DIR_PREFIX': utils.get_template_dir_prefix(),
        # Short-circuits: a falsy username is stored as-is, otherwise the
        # result of the whitelist membership test. UI hint only.
        'can_create_collections': (
            self.username and
            self.username in
            config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value),
        'username': self.username,
        'user_is_logged_in': user_services.has_fully_registered(
            self.user_id),
        'preferred_site_language_code': self.preferred_site_language_code,
    }
    values.update(site_context)

    # Promo bar settings are read from config only when the feature flag
    # is enabled; otherwise the bar is off with an empty message.
    if feconf.ENABLE_PROMO_BAR:
        promo_settings = {
            'promo_bar_enabled': config_domain.PROMO_BAR_ENABLED.value,
            'promo_bar_message': config_domain.PROMO_BAR_MESSAGE.value,
        }
    else:
        promo_settings = {
            'promo_bar_enabled': False,
            'promo_bar_message': '',
        }
    values.update(promo_settings)

    # Fallback meta tags for handlers that set none.
    if 'meta_name' not in values:
        values['meta_name'] = 'Personalized Online Learning from Oppia'
    if 'meta_description' not in values:
        values['meta_description'] = (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!')

    # nav_mode is part of the frontend GLOBALS object, yet some backend
    # handlers never declare it. Guarantee the key on all page requests.
    if 'nav_mode' not in values:
        values['nav_mode'] = ''

    if redirect_url_on_logout is None:
        redirect_url_on_logout = self.request.uri

    if self.user_id:
        values['login_url'] = None
        # NOTE(review): the logout redirect target is passed through
        # unchanged; confirm create_logout_url rejects off-site URLs.
        values['logout_url'] = current_user_services.create_logout_url(
            redirect_url_on_logout)
    else:
        # From the splash page, login returns to '/'; from anywhere else
        # it returns to the page being viewed.
        if self.request.uri.endswith(feconf.SPLASH_URL):
            target_url = '/'
        else:
            target_url = self.request.uri
        values['login_url'] = current_user_services.create_login_url(
            target_url)
        values['logout_url'] = None

    # A new CSRF token goes into each HTML response. This assumes tokens
    # generated in one handler are sent back to a handler with the same
    # page name. The token stays empty when the handler does not require
    # the payload CSRF check.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id)

    # Keep the page (which carries the username and CSRF token) out of
    # caches.
    self.response.cache_control.no_cache = True
    self.response.cache_control.must_revalidate = True

    headers = self.response.headers
    # One year of HSTS, applied to subdomains too.
    headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    # Disable content-type sniffing.
    headers['X-Content-Type-Options'] = 'nosniff'

    # Framing policy: unknown values are rejected rather than echoed into
    # the header. The rejection happens after the changes made above.
    if iframe_restriction is not None:
        if iframe_restriction not in ['SAMEORIGIN', 'DENY']:
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)
        headers['X-Frame-Options'] = iframe_restriction

    # Expires in the past and Pragma: no-cache for older caches.
    self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    self.response.pragma = 'no-cache'

    rendered_html = self.jinja2_env.get_template(filename).render(**values)
    self.response.write(rendered_html)
def render_template(
        self, filename, iframe_restriction='DENY',
        redirect_url_on_logout=None):
    """Renders the given template and writes it to the response.

    Extends the handler's values with site-wide globals, a login or logout
    link and a CSRF token, applies cache and security headers, and writes
    the rendered HTML.

    Args:
        filename: str. The template to load from self.jinja2_env.
        iframe_restriction: str or None. 'DENY' or 'SAMEORIGIN', used as
            the X-Frame-Options header value. None leaves the header
            unset by this method.
        redirect_url_on_logout: str or None. URL to redirect to on logout.
            Defaults to the current request URI.

    Raises:
        Exception. iframe_restriction is not None, 'DENY' or 'SAMEORIGIN'.
    """
    # Not a copy: additions below are made on self.values itself.
    values = self.values
    current_uri = self.request.uri
    uri_parts = urlparse.urlsplit(current_uri)

    # Rebuilt from the request URI, so they mirror the request's host.
    # NOTE(review): confirm allowed hosts are enforced upstream before
    # these are used to build absolute links.
    domain_url = '%s://%s' % (uri_parts.scheme, uri_parts.netloc)
    # The path part starts with a forward slash.
    full_url = '%s://%s%s' % (
        uri_parts.scheme, uri_parts.netloc, uri_parts.path)

    template_globals = {
        'ALL_CATEGORIES': feconf.ALL_CATEGORIES,
        'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
        'ASSET_DIR_PREFIX': utils.get_asset_dir_prefix(),
        # Markup() marks the hook as safe HTML; it bypasses autoescaping.
        # NOTE(review): check that only trusted admins can edit it.
        'BEFORE_END_HEAD_TAG_HOOK': jinja2.utils.Markup(
            BEFORE_END_HEAD_TAG_HOOK.value),
        'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
        # Default language is the first entry of the language list.
        'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
        'DEV_MODE': feconf.DEV_MODE,
        'MINIFICATION': feconf.IS_MINIFIED,
        'DOMAIN_URL': domain_url,
        'ACTIVITY_STATUS_PRIVATE': rights_manager.ACTIVITY_STATUS_PRIVATE,
        'ACTIVITY_STATUS_PUBLIC': rights_manager.ACTIVITY_STATUS_PUBLIC,
        'ACTIVITY_STATUS_PUBLICIZED': (
            rights_manager.ACTIVITY_STATUS_PUBLICIZED),
        'FULL_URL': full_url,
        'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
        'RTE_COMPONENT_SPECS': (
            rte_component_registry.Registry.get_all_specs()),
        'SITE_FEEDBACK_FORM_URL': SITE_FEEDBACK_FORM_URL.value,
        'SITE_NAME': SITE_NAME.value,
        'SUPPORTED_SITE_LANGUAGES': feconf.SUPPORTED_SITE_LANGUAGES,
        'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
        'TEMPLATE_DIR_PREFIX': utils.get_template_dir_prefix(),
        # Evaluates to the falsy username itself when there is none,
        # else to the whitelist membership result. UI hint only.
        'can_create_collections': (
            self.username and
            self.username in
            config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value),
        'user_is_logged_in': user_services.has_fully_registered(
            self.user_id),
        'preferred_site_language_code': self.preferred_site_language_code,
    }
    values.update(template_globals)

    # Meta tag defaults, applied only when the handler set none.
    if 'meta_name' not in values:
        values['meta_name'] = 'Personalized Online Learning from Oppia'
    if 'meta_description' not in values:
        values['meta_description'] = (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!')

    # The frontend GLOBALS object expects nav_mode, which some backend
    # handlers omit; this failsafe adds the key to every page request.
    if 'nav_mode' not in values:
        values['nav_mode'] = ''

    if redirect_url_on_logout is None:
        redirect_url_on_logout = current_uri

    # Only one of the two links is written here; the other key is left
    # as the handler had it (possibly absent).
    if self.user_id:
        # NOTE(review): redirect_url_on_logout is not checked here;
        # confirm create_logout_url limits it to same-site URLs.
        values['logout_url'] = current_user_services.create_logout_url(
            redirect_url_on_logout)
    else:
        # The splash page logs in to '/'; other pages return to
        # themselves.
        if current_uri.endswith(feconf.SPLASH_URL):
            target_url = '/'
        else:
            target_url = current_uri
        values['login_url'] = current_user_services.create_login_url(
            target_url)

    # Fresh CSRF token for the HTML response, assuming it comes back to
    # a handler with the same page name. It stays empty for handlers
    # that do not require the payload CSRF check.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id)

    # The response embeds a CSRF token, so caches must not keep it.
    response_cache = self.response.cache_control
    response_cache.no_cache = True
    response_cache.must_revalidate = True

    out_headers = self.response.headers
    # HSTS: 31536000 s (one year), including subdomains.
    out_headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    # No MIME sniffing of the body.
    out_headers['X-Content-Type-Options'] = 'nosniff'

    # Anti-framing header: anything outside the two known values raises
    # instead of being sent. Earlier changes are not rolled back.
    if iframe_restriction is not None:
        if iframe_restriction not in ['SAMEORIGIN', 'DENY']:
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)
        out_headers['X-Frame-Options'] = iframe_restriction

    # Past Expires date and Pragma for caches that ignore Cache-Control.
    self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    self.response.pragma = 'no-cache'

    page_template = self.jinja2_env.get_template(filename)
    self.response.write(page_template.render(**values))
def render_template(
        self, filename, values=None, iframe_restriction='DENY',
        redirect_url_on_logout=None):
    """Renders the given template, writes it out and records timing.

    Extends the template values with site-wide globals, a login or logout
    link and a CSRF token, applies cache and security headers, writes the
    rendered HTML to the response and updates the HTML response counters.

    Args:
        filename: str. The template to load from self.jinja2_env.
        values: dict or None. Template values to render with. When None,
            self.values is used. The mapping is modified in place.
        iframe_restriction: str or None. 'DENY' or 'SAMEORIGIN', used as
            the X-Frame-Options header value. None leaves the header
            unset by this method.
        redirect_url_on_logout: str or None. URL to redirect to on logout.
            Defaults to the current request URI.

    Raises:
        Exception. iframe_restriction is not None, 'DENY' or 'SAMEORIGIN'.
    """
    if values is None:
        values = self.values

    request_uri = self.request.uri
    parsed_uri = urlparse.urlsplit(request_uri)
    scheme = parsed_uri.scheme
    netloc = parsed_uri.netloc
    path = parsed_uri.path

    shared_context = {
        'ALL_CATEGORIES': feconf.ALL_CATEGORIES,
        'ALL_LANGUAGE_CODES': feconf.ALL_LANGUAGE_CODES,
        'ASSET_DIR_PREFIX': utils.get_asset_dir_prefix(),
        # Passed through Markup, hence rendered without autoescaping.
        # NOTE(review): confirm this hook is writable by admins only.
        'BEFORE_END_HEAD_TAG_HOOK': jinja2.utils.Markup(
            BEFORE_END_HEAD_TAG_HOOK.value),
        'CAN_SEND_ANALYTICS_EVENTS': feconf.CAN_SEND_ANALYTICS_EVENTS,
        # The first listed language acts as the default.
        'DEFAULT_LANGUAGE_CODE': feconf.ALL_LANGUAGE_CODES[0]['code'],
        'DEV_MODE': feconf.DEV_MODE,
        'MINIFICATION': feconf.IS_MINIFIED,
        # Host and scheme come straight from the request URI.
        # NOTE(review): confirm the host is validated upstream before
        # DOMAIN_URL / FULL_URL are trusted for absolute links.
        'DOMAIN_URL': '%s://%s' % (scheme, netloc),
        'ACTIVITY_STATUS_PRIVATE': rights_manager.ACTIVITY_STATUS_PRIVATE,
        'ACTIVITY_STATUS_PUBLIC': rights_manager.ACTIVITY_STATUS_PUBLIC,
        'ACTIVITY_STATUS_PUBLICIZED': (
            rights_manager.ACTIVITY_STATUS_PUBLICIZED),
        # 'path' begins with a forward slash.
        'FULL_URL': '%s://%s%s' % (scheme, netloc, path),
        'INVALID_NAME_CHARS': feconf.INVALID_NAME_CHARS,
        'RTE_COMPONENT_SPECS': (
            rte_component_registry.Registry.get_all_specs()),
        'SITE_FEEDBACK_FORM_URL': SITE_FEEDBACK_FORM_URL.value,
        'SITE_NAME': SITE_NAME.value,
        'SUPPORTED_SITE_LANGUAGES': feconf.SUPPORTED_SITE_LANGUAGES,
        'SYSTEM_USERNAMES': feconf.SYSTEM_USERNAMES,
        'TEMPLATE_DIR_PREFIX': utils.get_template_dir_prefix(),
        # A falsy username is stored unchanged; otherwise this is the
        # whitelist membership result. UI hint only.
        'can_create_collections': (
            self.username and
            self.username in
            config_domain.WHITELISTED_COLLECTION_EDITOR_USERNAMES.value),
        'user_is_logged_in': user_services.has_fully_registered(
            self.user_id),
        'preferred_site_language_code': self.preferred_site_language_code,
    }
    values.update(shared_context)

    # Default meta tags when the caller supplied none.
    if 'meta_name' not in values:
        values['meta_name'] = 'Personalized Online Learning from Oppia'
    if 'meta_description' not in values:
        values['meta_description'] = (
            'Oppia is a free, open-source learning platform. Join the '
            'community to create or try an exploration today!')

    if redirect_url_on_logout is None:
        redirect_url_on_logout = request_uri

    # Exactly one of logout_url / login_url is written here; the other
    # key keeps whatever the caller's values already held.
    if self.user_id:
        # NOTE(review): the logout target is forwarded unvalidated;
        # confirm create_logout_url refuses off-site destinations.
        values['logout_url'] = current_user_services.create_logout_url(
            redirect_url_on_logout)
    else:
        # Login from the splash page goes to '/'; otherwise it returns
        # to the current page.
        if request_uri.endswith(feconf.SPLASH_URL):
            target_url = '/'
        else:
            target_url = request_uri
        values['login_url'] = current_user_services.create_login_url(
            target_url)

    # Each HTML response gets a new CSRF token, on the assumption that it
    # is sent back to a handler with the same page name. Handlers without
    # the payload CSRF check keep an empty token.
    values['csrf_token'] = ''
    if self.REQUIRE_PAYLOAD_CSRF_CHECK:
        values['csrf_token'] = CsrfTokenManager.create_csrf_token(
            self.user_id)

    # A page holding a CSRF token must not be served from a cache.
    cache_policy = self.response.cache_control
    cache_policy.no_cache = True
    cache_policy.must_revalidate = True

    security_headers = self.response.headers
    # HSTS for 31536000 seconds (one year), subdomains included.
    security_headers['Strict-Transport-Security'] = (
        'max-age=31536000; includeSubDomains')
    # Forbid MIME-type sniffing.
    security_headers['X-Content-Type-Options'] = 'nosniff'

    # Framing policy: values other than the two known ones raise rather
    # than being written to the header. The values and headers changed
    # above are left as they are when that happens.
    if iframe_restriction is not None:
        if iframe_restriction not in ['SAMEORIGIN', 'DENY']:
            raise Exception(
                'Invalid X-Frame-Options: %s' % iframe_restriction)
        security_headers['X-Frame-Options'] = iframe_restriction

    # Expires in the past plus Pragma, for caches that predate
    # Cache-Control.
    self.response.expires = 'Mon, 01 Jan 1990 00:00:00 GMT'
    self.response.pragma = 'no-cache'

    html = self.jinja2_env.get_template(filename).render(**values)
    self.response.write(html)

    # Record how long this request took, measured from self.start_time.
    # NOTE(review): only .seconds and .microseconds are read; the .days
    # part of the timedelta is ignored.
    elapsed = datetime.datetime.utcnow() - self.start_time
    elapsed_secs = elapsed.seconds + elapsed.microseconds / 1E6
    counters.HTML_RESPONSE_TIME_SECS.inc(increment=elapsed_secs)
    counters.HTML_RESPONSE_COUNT.inc()