Show More
@@ -1,1 +1,4 | |||||
|
1 | # URI for the CSP Report. Included here to prevent a cyclic dependency. | |||
|
2 | # csp_report_uri is needed both by the BaseHandler (for setting the report-uri) | |||
|
3 | # and by the CSPReportHandler (which depends on the BaseHandler). | |||
1 | csp_report_uri = r"/api/security/csp-report" |
|
4 | csp_report_uri = r"/api/security/csp-report" |
@@ -1,23 +1,22 | |||||
1 | """Tornado handlers for security logging.""" |
|
1 | """Tornado handlers for security logging.""" | |
2 |
|
2 | |||
3 | # Copyright (c) IPython Development Team. |
|
3 | # Copyright (c) IPython Development Team. | |
4 | # Distributed under the terms of the Modified BSD License. |
|
4 | # Distributed under the terms of the Modified BSD License. | |
5 |
|
5 | |||
6 | from tornado import gen, web |
|
6 | from tornado import gen, web | |
7 |
|
7 | |||
8 | from ...base.handlers import IPythonHandler, json_errors |
|
8 | from ...base.handlers import IPythonHandler, json_errors | |
|
9 | from . import csp_report_uri | |||
9 |
|
10 | |||
10 | class CSPReportHandler(IPythonHandler): |
|
11 | class CSPReportHandler(IPythonHandler): | |
11 | '''Accepts a content security policy violation report''' |
|
12 | '''Accepts a content security policy violation report''' | |
12 | @web.authenticated |
|
13 | @web.authenticated | |
13 | @json_errors |
|
14 | @json_errors | |
14 | def post(self): |
|
15 | def post(self): | |
15 | '''Log a content security policy violation report''' |
|
16 | '''Log a content security policy violation report''' | |
16 | csp_report = self.get_json_body() |
|
17 | csp_report = self.get_json_body() | |
17 | self.log.debug(csp_report) |
|
18 | self.log.debug(csp_report) | |
18 |
|
19 | |||
19 | csp_report_uri = r"/api/security/csp-report" |
|
|||
20 |
|
||||
21 | default_handlers = [ |
|
20 | default_handlers = [ | |
22 | (csp_report_uri, CSPReportHandler) |
|
21 | (csp_report_uri, CSPReportHandler) | |
23 | ] |
|
22 | ] |
General Comments 0
You need to be logged in to leave comments.
Login now