rosenzweigph69701
/
Masterarbeit_Code
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Funktionierender Prototyp des Serious Games zur Vermittlung von Wissen zu Software-Engineering-Arbeitsmodellen.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
Tree: b35b0e54be
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b35b0e54be'
${ noResults }
Masterarbeit_Code/environment/Lib/site-packages/django/middleware/security.py

security.py 2.6KB
Raw Normal View History

Initial Commit
1 year ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. import re

  2. 

  3. from django.conf import settings

  4. from django.http import HttpResponsePermanentRedirect

  5. from django.utils.deprecation import MiddlewareMixin

  6. 

  7. 

  8. class SecurityMiddleware(MiddlewareMixin):

  9.     def __init__(self, get_response):

  10.         super().__init__(get_response)

  11.         self.sts_seconds = settings.SECURE_HSTS_SECONDS

  12.         self.sts_include_subdomains = settings.SECURE_HSTS_INCLUDE_SUBDOMAINS

  13.         self.sts_preload = settings.SECURE_HSTS_PRELOAD

  14.         self.content_type_nosniff = settings.SECURE_CONTENT_TYPE_NOSNIFF

  15.         self.redirect = settings.SECURE_SSL_REDIRECT

  16.         self.redirect_host = settings.SECURE_SSL_HOST

  17.         self.redirect_exempt = [re.compile(r) for r in settings.SECURE_REDIRECT_EXEMPT]

  18.         self.referrer_policy = settings.SECURE_REFERRER_POLICY

  19.         self.cross_origin_opener_policy = settings.SECURE_CROSS_ORIGIN_OPENER_POLICY

  20. 

  21.     def process_request(self, request):

  22.         path = request.path.lstrip("/")

  23.         if (

  24.             self.redirect

  25.             and not request.is_secure()

  26.             and not any(pattern.search(path) for pattern in self.redirect_exempt)

  27.         ):

  28.             host = self.redirect_host or request.get_host()

  29.             return HttpResponsePermanentRedirect(

  30.                 "https://%s%s" % (host, request.get_full_path())

  31.             )

  32. 

  33.     def process_response(self, request, response):

  34.         if (

  35.             self.sts_seconds

  36.             and request.is_secure()

  37.             and "Strict-Transport-Security" not in response

  38.         ):

  39.             sts_header = "max-age=%s" % self.sts_seconds

  40.             if self.sts_include_subdomains:

  41.                 sts_header = sts_header + "; includeSubDomains"

  42.             if self.sts_preload:

  43.                 sts_header = sts_header + "; preload"

  44.             response.headers["Strict-Transport-Security"] = sts_header

  45. 

  46.         if self.content_type_nosniff:

  47.             response.headers.setdefault("X-Content-Type-Options", "nosniff")

  48. 

  49.         if self.referrer_policy:

  50.             # Support a comma-separated string or iterable of values to allow

  51.             # fallback.

  52.             response.headers.setdefault(

  53.                 "Referrer-Policy",

  54.                 ",".join(

  55.                     [v.strip() for v in self.referrer_policy.split(",")]

  56.                     if isinstance(self.referrer_policy, str)

  57.                     else self.referrer_policy

  58.                 ),

  59.             )

  60. 

  61.         if self.cross_origin_opener_policy:

  62.             response.setdefault(

  63.                 "Cross-Origin-Opener-Policy",

  64.                 self.cross_origin_opener_policy,

  65.             )

  66.         return response