@@ -32,6 +32,8 b' from IPython.utils.path import filefind' | |||||
32 | from IPython.utils.py3compat import string_types |
|
32 | from IPython.utils.py3compat import string_types | |
33 | from IPython.html.utils import is_hidden, url_path_join, url_escape |
|
33 | from IPython.html.utils import is_hidden, url_path_join, url_escape | |
34 |
|
34 | |||
|
35 | from IPython.html.services.security.handlers import csp_report_uri | |||
|
36 | ||||
35 | #----------------------------------------------------------------------------- |
|
37 | #----------------------------------------------------------------------------- | |
36 | # Top-level handlers |
|
38 | # Top-level handlers | |
37 | #----------------------------------------------------------------------------- |
|
39 | #----------------------------------------------------------------------------- | |
@@ -46,8 +48,20 b' class AuthenticatedHandler(web.RequestHandler):' | |||||
46 | headers = self.settings.get('headers', {}) |
|
48 | headers = self.settings.get('headers', {}) | |
47 |
|
49 | |||
48 | if "Content-Security-Policy" not in headers: |
|
50 | if "Content-Security-Policy" not in headers: | |
49 |
headers["Content-Security-Policy"] = " |
|
51 | #headers["Content-Security-Policy"] = "" | |
|
52 | pass | |||
|
53 | ||||
|
54 | if "Content-Security-Policy-Report-Only" not in headers: | |||
|
55 | ||||
|
56 | reporter_policy = ("default-src 'self'; " + | |||
|
57 | "report-uri " + url_path_join(self.base_url, csp_report_uri) + | |||
|
58 | ";" | |||
|
59 | ) | |||
|
60 | self.log.info(reporter_policy) | |||
|
61 | ||||
|
62 | headers["Content-Security-Policy-Report-Only"] = reporter_policy | |||
50 |
|
63 | |||
|
64 | # Allow for overriding headers | |||
51 | for header_name,value in headers.items() : |
|
65 | for header_name,value in headers.items() : | |
52 | try: |
|
66 | try: | |
53 | self.set_header(header_name, value) |
|
67 | self.set_header(header_name, value) |
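Review bot: With the assignment under `if "Content-Security-Policy" not in headers:` commented out and replaced by `pass`, no enforcing policy is set by default any more; only the `Content-Security-Policy-Report-Only` header is added, so browsers report violations of `default-src 'self'` without blocking anything. If report-only is the intended rollout step, drop the empty branch and say so in a comment such as `# CSP is report-only for now: violations are reported, not blocked`, so the commented-out line is not mistaken for leftover debugging. `self.log.info(reporter_policy)` also looks like it may write the policy to the log at info level whenever this branch runs; `self.log.debug(reporter_policy)` would be quieter. The enclosing method of `AuthenticatedHandler` starts and ends outside the hunk.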
@@ -1,5 +1,11 b'' | |||||
1 | #!/usr/bin/env python |
|
1 | """Tornado handlers for security logging.""" | |
2 | # -*- coding: utf-8 -*- |
|
2 | ||
|
3 | # Copyright (c) IPython Development Team. | |||
|
4 | # Distributed under the terms of the Modified BSD License. | |||
|
5 | ||||
|
6 | from tornado import gen, web | |||
|
7 | ||||
|
8 | from ...base.handlers import IPythonHandler, json_errors | |||
3 |
|
9 | |||
4 | class CSPReportHandler(IPythonHandler): |
|
10 | class CSPReportHandler(IPythonHandler): | |
5 | '''Accepts a content security policy violation report''' |
|
11 | '''Accepts a content security policy violation report''' |
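Review bot: The new `from ...base.handlers import IPythonHandler, json_errors` looks like one half of an import cycle. In the same commit the base handlers module gains a module-level `from IPython.html.services.security.handlers import csp_report_uri`, which appears to be this file, although the path is not shown on the page. Whichever module is loaded first would then see the other only partially initialised, so one of the two `from … import` lines can fail with ImportError depending on import order. Defining the report URI constant in a module that imports nothing from the handlers, for instance the package's `__init__`, would break the cycle. The body of `CSPReportHandler` lies outside this hunk.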