##// END OF EJS Templates
One unified CSP report URI
Kyle Kelley -
Show More
@@ -1,1 +1,4
1 # URI for the CSP Report. Included here to prevent a cyclic dependency.
2 # csp_report_uri is needed both by the BaseHandler (for setting the report-uri)
3 # and by the CSPReportHandler (which depends on the BaseHandler).
1 csp_report_uri = r"/api/security/csp-report"
4 csp_report_uri = r"/api/security/csp-report"
@@ -1,23 +1,22
1 """Tornado handlers for security logging."""
1 """Tornado handlers for security logging."""
2
2
3 # Copyright (c) IPython Development Team.
3 # Copyright (c) IPython Development Team.
4 # Distributed under the terms of the Modified BSD License.
4 # Distributed under the terms of the Modified BSD License.
5
5
6 from tornado import gen, web
6 from tornado import gen, web
7
7
8 from ...base.handlers import IPythonHandler, json_errors
8 from ...base.handlers import IPythonHandler, json_errors
9 from . import csp_report_uri
9
10
10 class CSPReportHandler(IPythonHandler):
11 class CSPReportHandler(IPythonHandler):
11 '''Accepts a content security policy violation report'''
12 '''Accepts a content security policy violation report'''
12 @web.authenticated
13 @web.authenticated
13 @json_errors
14 @json_errors
14 def post(self):
15 def post(self):
15 '''Log a content security policy violation report'''
16 '''Log a content security policy violation report'''
16 csp_report = self.get_json_body()
17 csp_report = self.get_json_body()
17 self.log.debug(csp_report)
18 self.log.debug(csp_report)
18
19
19 csp_report_uri = r"/api/security/csp-report"
20
21 default_handlers = [
20 default_handlers = [
22 (csp_report_uri, CSPReportHandler)
21 (csp_report_uri, CSPReportHandler)
23 ]
22 ]
General Comments 0
You need to be logged in to leave comments. Login now