Show More
| @@ -1,262 +1,263 b'' | |||||
| 1 | # hgweb/common.py - Utility functions needed by hgweb_mod and hgwebdir_mod |
|
1 | # hgweb/common.py - Utility functions needed by hgweb_mod and hgwebdir_mod | |
| 2 | # |
|
2 | # | |
| 3 | # Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net> |
|
3 | # Copyright 21 May 2005 - (c) 2005 Jake Edge <jake@edge2.net> | |
| 4 | # Copyright 2005, 2006 Matt Mackall <mpm@selenic.com> |
|
4 | # Copyright 2005, 2006 Matt Mackall <mpm@selenic.com> | |
| 5 | # |
|
5 | # | |
| 6 | # This software may be used and distributed according to the terms of the |
|
6 | # This software may be used and distributed according to the terms of the | |
| 7 | # GNU General Public License version 2 or any later version. |
|
7 | # GNU General Public License version 2 or any later version. | |
| 8 |
|
8 | |||
| 9 | from __future__ import absolute_import |
|
9 | from __future__ import absolute_import | |
| 10 |
|
10 | |||
| 11 | import base64 |
|
11 | import base64 | |
| 12 | import errno |
|
12 | import errno | |
| 13 | import mimetypes |
|
13 | import mimetypes | |
| 14 | import os |
|
14 | import os | |
| 15 | import stat |
|
15 | import stat | |
| 16 |
|
16 | |||
| 17 | from .. import ( |
|
17 | from .. import ( | |
| 18 | encoding, |
|
18 | encoding, | |
| 19 | pycompat, |
|
19 | pycompat, | |
| 20 | util, |
|
20 | util, | |
| 21 | ) |
|
21 | ) | |
| 22 |
|
22 | |||
| 23 | httpserver = util.httpserver |
|
23 | httpserver = util.httpserver | |
| 24 |
|
24 | |||
| 25 | HTTP_OK = 200 |
|
25 | HTTP_OK = 200 | |
| 26 | HTTP_CREATED = 201 |
|
26 | HTTP_CREATED = 201 | |
| 27 | HTTP_NOT_MODIFIED = 304 |
|
27 | HTTP_NOT_MODIFIED = 304 | |
| 28 | HTTP_BAD_REQUEST = 400 |
|
28 | HTTP_BAD_REQUEST = 400 | |
| 29 | HTTP_UNAUTHORIZED = 401 |
|
29 | HTTP_UNAUTHORIZED = 401 | |
| 30 | HTTP_FORBIDDEN = 403 |
|
30 | HTTP_FORBIDDEN = 403 | |
| 31 | HTTP_NOT_FOUND = 404 |
|
31 | HTTP_NOT_FOUND = 404 | |
| 32 | HTTP_METHOD_NOT_ALLOWED = 405 |
|
32 | HTTP_METHOD_NOT_ALLOWED = 405 | |
| 33 | HTTP_NOT_ACCEPTABLE = 406 |
|
33 | HTTP_NOT_ACCEPTABLE = 406 | |
| 34 | HTTP_UNSUPPORTED_MEDIA_TYPE = 415 |
|
34 | HTTP_UNSUPPORTED_MEDIA_TYPE = 415 | |
| 35 | HTTP_SERVER_ERROR = 500 |
|
35 | HTTP_SERVER_ERROR = 500 | |
| 36 |
|
36 | |||
| 37 |
|
37 | |||
| 38 | def ismember(ui, username, userlist): |
|
38 | def ismember(ui, username, userlist): | |
| 39 | """Check if username is a member of userlist. |
|
39 | """Check if username is a member of userlist. | |
| 40 |
|
40 | |||
| 41 | If userlist has a single '*' member, all users are considered members. |
|
41 | If userlist has a single '*' member, all users are considered members. | |
| 42 | Can be overridden by extensions to provide more complex authorization |
|
42 | Can be overridden by extensions to provide more complex authorization | |
| 43 | schemes. |
|
43 | schemes. | |
| 44 | """ |
|
44 | """ | |
| 45 | return userlist == ['*'] or username in userlist |
|
45 | return userlist == ['*'] or username in userlist | |
| 46 |
|
46 | |||
| 47 | def checkauthz(hgweb, req, op): |
|
47 | def checkauthz(hgweb, req, op): | |
| 48 | '''Check permission for operation based on request data (including |
|
48 | '''Check permission for operation based on request data (including | |
| 49 | authentication info). Return if op allowed, else raise an ErrorResponse |
|
49 | authentication info). Return if op allowed, else raise an ErrorResponse | |
| 50 | exception.''' |
|
50 | exception.''' | |
| 51 |
|
51 | |||
| 52 | user = req.remoteuser |
|
52 | user = req.remoteuser | |
| 53 |
|
53 | |||
| 54 | deny_read = hgweb.configlist('web', 'deny_read') |
|
54 | deny_read = hgweb.configlist('web', 'deny_read') | |
| 55 | if deny_read and (not user or ismember(hgweb.repo.ui, user, deny_read)): |
|
55 | if deny_read and (not user or ismember(hgweb.repo.ui, user, deny_read)): | |
| 56 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized') |
|
56 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized') | |
| 57 |
|
57 | |||
| 58 | allow_read = hgweb.configlist('web', 'allow_read') |
|
58 | allow_read = hgweb.configlist('web', 'allow_read') | |
| 59 | if allow_read and (not ismember(hgweb.repo.ui, user, allow_read)): |
|
59 | if allow_read and (not ismember(hgweb.repo.ui, user, allow_read)): | |
| 60 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized') |
|
60 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized') | |
| 61 |
|
61 | |||
| 62 | if op == 'pull' and not hgweb.allowpull: |
|
62 | if op == 'pull' and not hgweb.allowpull: | |
| 63 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'pull not authorized') |
|
63 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'pull not authorized') | |
| 64 | elif op == 'pull' or op is None: # op is None for interface requests |
|
64 | elif op == 'pull' or op is None: # op is None for interface requests | |
| 65 | return |
|
65 | return | |
| 66 |
|
66 | |||
| 67 | # Allow LFS uploading via PUT requests |
|
67 | # Allow LFS uploading via PUT requests | |
| 68 | if op == 'upload': |
|
68 | if op == 'upload': | |
| 69 | if req.method != 'PUT': |
|
69 | if req.method != 'PUT': | |
| 70 | msg = 'upload requires PUT request' |
|
70 | msg = 'upload requires PUT request' | |
| 71 | raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg) |
|
71 | raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg) | |
| 72 | # enforce that you can only push using POST requests |
|
72 | # enforce that you can only push using POST requests | |
| 73 | elif req.method != 'POST': |
|
73 | elif req.method != 'POST': | |
| 74 | msg = 'push requires POST request' |
|
74 | msg = 'push requires POST request' | |
| 75 | raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg) |
|
75 | raise ErrorResponse(HTTP_METHOD_NOT_ALLOWED, msg) | |
| 76 |
|
76 | |||
| 77 | # require ssl by default for pushing, auth info cannot be sniffed |
|
77 | # require ssl by default for pushing, auth info cannot be sniffed | |
| 78 | # and replayed |
|
78 | # and replayed | |
| 79 | if hgweb.configbool('web', 'push_ssl') and req.urlscheme != 'https': |
|
79 | if hgweb.configbool('web', 'push_ssl') and req.urlscheme != 'https': | |
| 80 | raise ErrorResponse(HTTP_FORBIDDEN, 'ssl required') |
|
80 | raise ErrorResponse(HTTP_FORBIDDEN, 'ssl required') | |
| 81 |
|
81 | |||
| 82 | deny = hgweb.configlist('web', 'deny_push') |
|
82 | deny = hgweb.configlist('web', 'deny_push') | |
| 83 | if deny and (not user or ismember(hgweb.repo.ui, user, deny)): |
|
83 | if deny and (not user or ismember(hgweb.repo.ui, user, deny)): | |
| 84 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'push not authorized') |
|
84 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'push not authorized') | |
| 85 |
|
85 | |||
| 86 | allow = hgweb.configlist('web', 'allow-push') |
|
86 | allow = hgweb.configlist('web', 'allow-push') | |
| 87 | if not (allow and ismember(hgweb.repo.ui, user, allow)): |
|
87 | if not (allow and ismember(hgweb.repo.ui, user, allow)): | |
| 88 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'push not authorized') |
|
88 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'push not authorized') | |
| 89 |
|
89 | |||
| 90 | # Hooks for hgweb permission checks; extensions can add hooks here. |
|
90 | # Hooks for hgweb permission checks; extensions can add hooks here. | |
| 91 | # Each hook is invoked like this: hook(hgweb, request, operation), |
|
91 | # Each hook is invoked like this: hook(hgweb, request, operation), | |
| 92 | # where operation is either read, pull, push or upload. Hooks should either |
|
92 | # where operation is either read, pull, push or upload. Hooks should either | |
| 93 | # raise an ErrorResponse exception, or just return. |
|
93 | # raise an ErrorResponse exception, or just return. | |
| 94 | # |
|
94 | # | |
| 95 | # It is possible to do both authentication and authorization through |
|
95 | # It is possible to do both authentication and authorization through | |
| 96 | # this. |
|
96 | # this. | |
| 97 | permhooks = [checkauthz] |
|
97 | permhooks = [checkauthz] | |
| 98 |
|
98 | |||
| 99 |
|
99 | |||
| 100 | class ErrorResponse(Exception): |
|
100 | class ErrorResponse(Exception): | |
| 101 | def __init__(self, code, message=None, headers=None): |
|
101 | def __init__(self, code, message=None, headers=None): | |
| 102 | if message is None: |
|
102 | if message is None: | |
| 103 | message = _statusmessage(code) |
|
103 | message = _statusmessage(code) | |
| 104 | Exception.__init__(self, pycompat.sysstr(message)) |
|
104 | Exception.__init__(self, pycompat.sysstr(message)) | |
| 105 | self.code = code |
|
105 | self.code = code | |
| 106 | if headers is None: |
|
106 | if headers is None: | |
| 107 | headers = [] |
|
107 | headers = [] | |
| 108 | self.headers = headers |
|
108 | self.headers = headers | |
|
|
109 | self.message = message | |||
| 109 |
|
110 | |||
| 110 | class continuereader(object): |
|
111 | class continuereader(object): | |
| 111 | """File object wrapper to handle HTTP 100-continue. |
|
112 | """File object wrapper to handle HTTP 100-continue. | |
| 112 |
|
113 | |||
| 113 | This is used by servers so they automatically handle Expect: 100-continue |
|
114 | This is used by servers so they automatically handle Expect: 100-continue | |
| 114 | request headers. On first read of the request body, the 100 Continue |
|
115 | request headers. On first read of the request body, the 100 Continue | |
| 115 | response is sent. This should trigger the client into actually sending |
|
116 | response is sent. This should trigger the client into actually sending | |
| 116 | the request body. |
|
117 | the request body. | |
| 117 | """ |
|
118 | """ | |
| 118 | def __init__(self, f, write): |
|
119 | def __init__(self, f, write): | |
| 119 | self.f = f |
|
120 | self.f = f | |
| 120 | self._write = write |
|
121 | self._write = write | |
| 121 | self.continued = False |
|
122 | self.continued = False | |
| 122 |
|
123 | |||
| 123 | def read(self, amt=-1): |
|
124 | def read(self, amt=-1): | |
| 124 | if not self.continued: |
|
125 | if not self.continued: | |
| 125 | self.continued = True |
|
126 | self.continued = True | |
| 126 | self._write('HTTP/1.1 100 Continue\r\n\r\n') |
|
127 | self._write('HTTP/1.1 100 Continue\r\n\r\n') | |
| 127 | return self.f.read(amt) |
|
128 | return self.f.read(amt) | |
| 128 |
|
129 | |||
| 129 | def __getattr__(self, attr): |
|
130 | def __getattr__(self, attr): | |
| 130 | if attr in ('close', 'readline', 'readlines', '__iter__'): |
|
131 | if attr in ('close', 'readline', 'readlines', '__iter__'): | |
| 131 | return getattr(self.f, attr) |
|
132 | return getattr(self.f, attr) | |
| 132 | raise AttributeError |
|
133 | raise AttributeError | |
| 133 |
|
134 | |||
| 134 | def _statusmessage(code): |
|
135 | def _statusmessage(code): | |
| 135 | responses = httpserver.basehttprequesthandler.responses |
|
136 | responses = httpserver.basehttprequesthandler.responses | |
| 136 | return pycompat.bytesurl( |
|
137 | return pycompat.bytesurl( | |
| 137 | responses.get(code, (r'Error', r'Unknown error'))[0]) |
|
138 | responses.get(code, (r'Error', r'Unknown error'))[0]) | |
| 138 |
|
139 | |||
| 139 | def statusmessage(code, message=None): |
|
140 | def statusmessage(code, message=None): | |
| 140 | return '%d %s' % (code, message or _statusmessage(code)) |
|
141 | return '%d %s' % (code, message or _statusmessage(code)) | |
| 141 |
|
142 | |||
| 142 | def get_stat(spath, fn): |
|
143 | def get_stat(spath, fn): | |
| 143 | """stat fn if it exists, spath otherwise""" |
|
144 | """stat fn if it exists, spath otherwise""" | |
| 144 | cl_path = os.path.join(spath, fn) |
|
145 | cl_path = os.path.join(spath, fn) | |
| 145 | if os.path.exists(cl_path): |
|
146 | if os.path.exists(cl_path): | |
| 146 | return os.stat(cl_path) |
|
147 | return os.stat(cl_path) | |
| 147 | else: |
|
148 | else: | |
| 148 | return os.stat(spath) |
|
149 | return os.stat(spath) | |
| 149 |
|
150 | |||
| 150 | def get_mtime(spath): |
|
151 | def get_mtime(spath): | |
| 151 | return get_stat(spath, "00changelog.i")[stat.ST_MTIME] |
|
152 | return get_stat(spath, "00changelog.i")[stat.ST_MTIME] | |
| 152 |
|
153 | |||
| 153 | def ispathsafe(path): |
|
154 | def ispathsafe(path): | |
| 154 | """Determine if a path is safe to use for filesystem access.""" |
|
155 | """Determine if a path is safe to use for filesystem access.""" | |
| 155 | parts = path.split('/') |
|
156 | parts = path.split('/') | |
| 156 | for part in parts: |
|
157 | for part in parts: | |
| 157 | if (part in ('', pycompat.oscurdir, pycompat.ospardir) or |
|
158 | if (part in ('', pycompat.oscurdir, pycompat.ospardir) or | |
| 158 | pycompat.ossep in part or |
|
159 | pycompat.ossep in part or | |
| 159 | pycompat.osaltsep is not None and pycompat.osaltsep in part): |
|
160 | pycompat.osaltsep is not None and pycompat.osaltsep in part): | |
| 160 | return False |
|
161 | return False | |
| 161 |
|
162 | |||
| 162 | return True |
|
163 | return True | |
| 163 |
|
164 | |||
| 164 | def staticfile(directory, fname, res): |
|
165 | def staticfile(directory, fname, res): | |
| 165 | """return a file inside directory with guessed Content-Type header |
|
166 | """return a file inside directory with guessed Content-Type header | |
| 166 |
|
167 | |||
| 167 | fname always uses '/' as directory separator and isn't allowed to |
|
168 | fname always uses '/' as directory separator and isn't allowed to | |
| 168 | contain unusual path components. |
|
169 | contain unusual path components. | |
| 169 | Content-Type is guessed using the mimetypes module. |
|
170 | Content-Type is guessed using the mimetypes module. | |
| 170 | Return an empty string if fname is illegal or file not found. |
|
171 | Return an empty string if fname is illegal or file not found. | |
| 171 |
|
172 | |||
| 172 | """ |
|
173 | """ | |
| 173 | if not ispathsafe(fname): |
|
174 | if not ispathsafe(fname): | |
| 174 | return |
|
175 | return | |
| 175 |
|
176 | |||
| 176 | fpath = os.path.join(*fname.split('/')) |
|
177 | fpath = os.path.join(*fname.split('/')) | |
| 177 | if isinstance(directory, str): |
|
178 | if isinstance(directory, str): | |
| 178 | directory = [directory] |
|
179 | directory = [directory] | |
| 179 | for d in directory: |
|
180 | for d in directory: | |
| 180 | path = os.path.join(d, fpath) |
|
181 | path = os.path.join(d, fpath) | |
| 181 | if os.path.exists(path): |
|
182 | if os.path.exists(path): | |
| 182 | break |
|
183 | break | |
| 183 | try: |
|
184 | try: | |
| 184 | os.stat(path) |
|
185 | os.stat(path) | |
| 185 | ct = pycompat.sysbytes( |
|
186 | ct = pycompat.sysbytes( | |
| 186 | mimetypes.guess_type(pycompat.fsdecode(path))[0] or r"text/plain") |
|
187 | mimetypes.guess_type(pycompat.fsdecode(path))[0] or r"text/plain") | |
| 187 | with open(path, 'rb') as fh: |
|
188 | with open(path, 'rb') as fh: | |
| 188 | data = fh.read() |
|
189 | data = fh.read() | |
| 189 |
|
190 | |||
| 190 | res.headers['Content-Type'] = ct |
|
191 | res.headers['Content-Type'] = ct | |
| 191 | res.setbodybytes(data) |
|
192 | res.setbodybytes(data) | |
| 192 | return res |
|
193 | return res | |
| 193 | except TypeError: |
|
194 | except TypeError: | |
| 194 | raise ErrorResponse(HTTP_SERVER_ERROR, 'illegal filename') |
|
195 | raise ErrorResponse(HTTP_SERVER_ERROR, 'illegal filename') | |
| 195 | except OSError as err: |
|
196 | except OSError as err: | |
| 196 | if err.errno == errno.ENOENT: |
|
197 | if err.errno == errno.ENOENT: | |
| 197 | raise ErrorResponse(HTTP_NOT_FOUND) |
|
198 | raise ErrorResponse(HTTP_NOT_FOUND) | |
| 198 | else: |
|
199 | else: | |
| 199 | raise ErrorResponse(HTTP_SERVER_ERROR, |
|
200 | raise ErrorResponse(HTTP_SERVER_ERROR, | |
| 200 | encoding.strtolocal(err.strerror)) |
|
201 | encoding.strtolocal(err.strerror)) | |
| 201 |
|
202 | |||
| 202 | def paritygen(stripecount, offset=0): |
|
203 | def paritygen(stripecount, offset=0): | |
| 203 | """count parity of horizontal stripes for easier reading""" |
|
204 | """count parity of horizontal stripes for easier reading""" | |
| 204 | if stripecount and offset: |
|
205 | if stripecount and offset: | |
| 205 | # account for offset, e.g. due to building the list in reverse |
|
206 | # account for offset, e.g. due to building the list in reverse | |
| 206 | count = (stripecount + offset) % stripecount |
|
207 | count = (stripecount + offset) % stripecount | |
| 207 | parity = (stripecount + offset) // stripecount & 1 |
|
208 | parity = (stripecount + offset) // stripecount & 1 | |
| 208 | else: |
|
209 | else: | |
| 209 | count = 0 |
|
210 | count = 0 | |
| 210 | parity = 0 |
|
211 | parity = 0 | |
| 211 | while True: |
|
212 | while True: | |
| 212 | yield parity |
|
213 | yield parity | |
| 213 | count += 1 |
|
214 | count += 1 | |
| 214 | if stripecount and count >= stripecount: |
|
215 | if stripecount and count >= stripecount: | |
| 215 | parity = 1 - parity |
|
216 | parity = 1 - parity | |
| 216 | count = 0 |
|
217 | count = 0 | |
| 217 |
|
218 | |||
| 218 | def get_contact(config): |
|
219 | def get_contact(config): | |
| 219 | """Return repo contact information or empty string. |
|
220 | """Return repo contact information or empty string. | |
| 220 |
|
221 | |||
| 221 | web.contact is the primary source, but if that is not set, try |
|
222 | web.contact is the primary source, but if that is not set, try | |
| 222 | ui.username or $EMAIL as a fallback to display something useful. |
|
223 | ui.username or $EMAIL as a fallback to display something useful. | |
| 223 | """ |
|
224 | """ | |
| 224 | return (config("web", "contact") or |
|
225 | return (config("web", "contact") or | |
| 225 | config("ui", "username") or |
|
226 | config("ui", "username") or | |
| 226 | encoding.environ.get("EMAIL") or "") |
|
227 | encoding.environ.get("EMAIL") or "") | |
| 227 |
|
228 | |||
| 228 | def cspvalues(ui): |
|
229 | def cspvalues(ui): | |
| 229 | """Obtain the Content-Security-Policy header and nonce value. |
|
230 | """Obtain the Content-Security-Policy header and nonce value. | |
| 230 |
|
231 | |||
| 231 | Returns a 2-tuple of the CSP header value and the nonce value. |
|
232 | Returns a 2-tuple of the CSP header value and the nonce value. | |
| 232 |
|
233 | |||
| 233 | First value is ``None`` if CSP isn't enabled. Second value is ``None`` |
|
234 | First value is ``None`` if CSP isn't enabled. Second value is ``None`` | |
| 234 | if CSP isn't enabled or if the CSP header doesn't need a nonce. |
|
235 | if CSP isn't enabled or if the CSP header doesn't need a nonce. | |
| 235 | """ |
|
236 | """ | |
| 236 | # Without demandimport, "import uuid" could have an immediate side-effect |
|
237 | # Without demandimport, "import uuid" could have an immediate side-effect | |
| 237 | # running "ldconfig" on Linux trying to find libuuid. |
|
238 | # running "ldconfig" on Linux trying to find libuuid. | |
| 238 | # With Python <= 2.7.12, that "ldconfig" is run via a shell and the shell |
|
239 | # With Python <= 2.7.12, that "ldconfig" is run via a shell and the shell | |
| 239 | # may pollute the terminal with: |
|
240 | # may pollute the terminal with: | |
| 240 | # |
|
241 | # | |
| 241 | # shell-init: error retrieving current directory: getcwd: cannot access |
|
242 | # shell-init: error retrieving current directory: getcwd: cannot access | |
| 242 | # parent directories: No such file or directory |
|
243 | # parent directories: No such file or directory | |
| 243 | # |
|
244 | # | |
| 244 | # Python >= 2.7.13 has fixed it by running "ldconfig" directly without a |
|
245 | # Python >= 2.7.13 has fixed it by running "ldconfig" directly without a | |
| 245 | # shell (hg changeset a09ae70f3489). |
|
246 | # shell (hg changeset a09ae70f3489). | |
| 246 | # |
|
247 | # | |
| 247 | # Moved "import uuid" from here so it's executed after we know we have |
|
248 | # Moved "import uuid" from here so it's executed after we know we have | |
| 248 | # a sane cwd (i.e. after dispatch.py cwd check). |
|
249 | # a sane cwd (i.e. after dispatch.py cwd check). | |
| 249 | # |
|
250 | # | |
| 250 | # We can move it back once we no longer need Python <= 2.7.12 support. |
|
251 | # We can move it back once we no longer need Python <= 2.7.12 support. | |
| 251 | import uuid |
|
252 | import uuid | |
| 252 |
|
253 | |||
| 253 | # Don't allow untrusted CSP setting since it be disable protections |
|
254 | # Don't allow untrusted CSP setting since it be disable protections | |
| 254 | # from a trusted/global source. |
|
255 | # from a trusted/global source. | |
| 255 | csp = ui.config('web', 'csp', untrusted=False) |
|
256 | csp = ui.config('web', 'csp', untrusted=False) | |
| 256 | nonce = None |
|
257 | nonce = None | |
| 257 |
|
258 | |||
| 258 | if csp and '%nonce%' in csp: |
|
259 | if csp and '%nonce%' in csp: | |
| 259 | nonce = base64.urlsafe_b64encode(uuid.uuid4().bytes).rstrip('=') |
|
260 | nonce = base64.urlsafe_b64encode(uuid.uuid4().bytes).rstrip('=') | |
| 260 | csp = csp.replace('%nonce%', nonce) |
|
261 | csp = csp.replace('%nonce%', nonce) | |
| 261 |
|
262 | |||
| 262 | return csp, nonce |
|
263 | return csp, nonce | |
General Comments 0
You need to be logged in to leave comments.
Login now