Log CSP violations via report
Kyle Kelley -
@@ -32,6 +32,8 b' from IPython.utils.path import filefind'
32 32 from IPython.utils.py3compat import string_types
33 33 from IPython.html.utils import is_hidden, url_path_join, url_escape
34 34
35 from IPython.html.services.security.handlers import csp_report_uri
36
35 37 #-----------------------------------------------------------------------------
36 38 # Top-level handlers
37 39 #-----------------------------------------------------------------------------
@@ -46,8 +48,20 b' class AuthenticatedHandler(web.RequestHandler):'
46 48 headers = self.settings.get('headers', {})
47 49
48 50 if "Content-Security-Policy" not in headers:
49 headers["Content-Security-Policy"] = "default-src 'self'"
51 #headers["Content-Security-Policy"] = ""
52 pass
53
54 if "Content-Security-Policy-Report-Only" not in headers:
55
56 reporter_policy = ("default-src 'self'; " +
57 "report-uri " + url_path_join(self.base_url, csp_report_uri) +
58 ";"
59 )
60 self.log.info(reporter_policy)
61
62 headers["Content-Security-Policy-Report-Only"] = reporter_policy
50 63
64 # Allow for overriding headers
51 65 for header_name,value in headers.items() :
52 66 try:
53 67 self.set_header(header_name, value)
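Review bot: When no `Content-Security-Policy` header is configured, that branch now ends in `pass` with the assignment commented out, so the response carries no enforced policy at all; only `Content-Security-Policy-Report-Only` is sent, which browsers report on but do not enforce. If the aim is to log violations, keep the enforcing default and add the reporting directive to it, e.g. `headers["Content-Security-Policy"] = "default-src 'self'; report-uri " + url_path_join(self.base_url, csp_report_uri)`, instead of trading enforcement for report-only. The `self.log.info(reporter_policy)` call appears to run every time the default headers are built, so `self.log.debug(...)` would likely be less noisy. The enclosing method starts and ends outside the hunk.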
@@ -1,5 +1,11 b''
1 #!/usr/bin/env python
2 # -*- coding: utf-8 -*-
1 """Tornado handlers for security logging."""
2
3 # Copyright (c) IPython Development Team.
4 # Distributed under the terms of the Modified BSD License.
5
6 from tornado import gen, web
7
8 from ...base.handlers import IPythonHandler, json_errors
3 9
4 10 class CSPReportHandler(IPythonHandler):
5 11 '''Accepts a content security policy violation report'''