Home Explore Help
Sign In
sintez
/
py_task
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 609422c2ac
Branches Tags
py_task
/
venv
/
lib
/
python3.9
/
site-packages
/
django
/
middleware
/
security.py

security.py 2.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 
  1. import re
    2. 

  2. 

  3. from django.conf import settings
    4. 

  4. from django.http import HttpResponsePermanentRedirect
    5. 

  5. from django.utils.deprecation import MiddlewareMixin
    6. 

  6. 

  7. 

  8. class SecurityMiddleware(MiddlewareMixin):
    9. 

  9.     # RemovedInDjango40Warning: when the deprecation ends, replace with:
    10. 

  10.     #   def __init__(self, get_response):
    11. 

  11.     def __init__(self, get_response=None):
    12. 

  12.         super().__init__(get_response)
    13. 

  13.         self.sts_seconds = settings.SECURE_HSTS_SECONDS
    14. 

  14.         self.sts_include_subdomains = settings.SECURE_HSTS_INCLUDE_SUBDOMAINS
    15. 

  15.         self.sts_preload = settings.SECURE_HSTS_PRELOAD
    16. 

  16.         self.content_type_nosniff = settings.SECURE_CONTENT_TYPE_NOSNIFF
    17. 

  17.         self.xss_filter = settings.SECURE_BROWSER_XSS_FILTER
    18. 

  18.         self.redirect = settings.SECURE_SSL_REDIRECT
    19. 

  19.         self.redirect_host = settings.SECURE_SSL_HOST
    20. 

  20.         self.redirect_exempt = [re.compile(r) for r in settings.SECURE_REDIRECT_EXEMPT]
    21. 

  21.         self.referrer_policy = settings.SECURE_REFERRER_POLICY
    22. 

  22. 

  23.     def process_request(self, request):
    24. 

  24.         path = request.path.lstrip("/")
    25. 

  25.         if (self.redirect and not request.is_secure() and
    26. 

  26.                 not any(pattern.search(path)
    27. 

  27.                         for pattern in self.redirect_exempt)):
    28. 

  28.             host = self.redirect_host or request.get_host()
    29. 

  29.             return HttpResponsePermanentRedirect(
    30. 

  30.                 "https://%s%s" % (host, request.get_full_path())
    31. 

  31.             )
    32. 

  32. 

  33.     def process_response(self, request, response):
    34. 

  34.         if (self.sts_seconds and request.is_secure() and
    35. 

  35.                 'Strict-Transport-Security' not in response):
    36. 

  36.             sts_header = "max-age=%s" % self.sts_seconds
    37. 

  37.             if self.sts_include_subdomains:
    38. 

  38.                 sts_header = sts_header + "; includeSubDomains"
    39. 

  39.             if self.sts_preload:
    40. 

  40.                 sts_header = sts_header + "; preload"
    41. 

  41.             response.headers['Strict-Transport-Security'] = sts_header
    42. 

  42. 

  43.         if self.content_type_nosniff:
    44. 

  44.             response.headers.setdefault('X-Content-Type-Options', 'nosniff')
    45. 

  45. 

  46.         if self.xss_filter:
    47. 

  47.             response.headers.setdefault('X-XSS-Protection', '1; mode=block')
    48. 

  48. 

  49.         if self.referrer_policy:
    50. 

  50.             # Support a comma-separated string or iterable of values to allow
    51. 

  51.             # fallback.
    52. 

  52.             response.headers.setdefault('Referrer-Policy', ','.join(
    53. 

  53.                 [v.strip() for v in self.referrer_policy.split(',')]
    54. 

  54.                 if isinstance(self.referrer_policy, str) else self.referrer_policy
    55. 

  55.             ))
    56. 

  56. 

  57.         return response
    58.