Startsida Utforska Hjälp
Registrera dig Logga in
wanghuan
/
zm_admin
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Gren: master
Grenar Taggar
zm_admin
/
venv
/
Lib
/
site-packages
/
django
/
middleware
/
security.py

security.py 2.3 KB
Permalänk Historik

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. import re
    2. 

  2. 

  3. from django.conf import settings
    4. 

  4. from django.http import HttpResponsePermanentRedirect
    5. 

  5. from django.utils.deprecation import MiddlewareMixin
    6. 

  6. 

  7. 

  8. class SecurityMiddleware(MiddlewareMixin):
    9. 

  9.     def __init__(self, get_response=None):
    10. 

  10.         self.sts_seconds = settings.SECURE_HSTS_SECONDS
    11. 

  11.         self.sts_include_subdomains = settings.SECURE_HSTS_INCLUDE_SUBDOMAINS
    12. 

  12.         self.sts_preload = settings.SECURE_HSTS_PRELOAD
    13. 

  13.         self.content_type_nosniff = settings.SECURE_CONTENT_TYPE_NOSNIFF
    14. 

  14.         self.xss_filter = settings.SECURE_BROWSER_XSS_FILTER
    15. 

  15.         self.redirect = settings.SECURE_SSL_REDIRECT
    16. 

  16.         self.redirect_host = settings.SECURE_SSL_HOST
    17. 

  17.         self.redirect_exempt = [re.compile(r) for r in settings.SECURE_REDIRECT_EXEMPT]
    18. 

  18.         self.referrer_policy = settings.SECURE_REFERRER_POLICY
    19. 

  19.         self.get_response = get_response
    20. 

  20. 

  21.     def process_request(self, request):
    22. 

  22.         path = request.path.lstrip("/")
    23. 

  23.         if (self.redirect and not request.is_secure() and
    24. 

  24.                 not any(pattern.search(path)
    25. 

  25.                         for pattern in self.redirect_exempt)):
    26. 

  26.             host = self.redirect_host or request.get_host()
    27. 

  27.             return HttpResponsePermanentRedirect(
    28. 

  28.                 "https://%s%s" % (host, request.get_full_path())
    29. 

  29.             )
    30. 

  30. 

  31.     def process_response(self, request, response):
    32. 

  32.         if (self.sts_seconds and request.is_secure() and
    33. 

  33.                 'Strict-Transport-Security' not in response):
    34. 

  34.             sts_header = "max-age=%s" % self.sts_seconds
    35. 

  35.             if self.sts_include_subdomains:
    36. 

  36.                 sts_header = sts_header + "; includeSubDomains"
    37. 

  37.             if self.sts_preload:
    38. 

  38.                 sts_header = sts_header + "; preload"
    39. 

  39.             response['Strict-Transport-Security'] = sts_header
    40. 

  40. 

  41.         if self.content_type_nosniff:
    42. 

  42.             response.setdefault('X-Content-Type-Options', 'nosniff')
    43. 

  43. 

  44.         if self.xss_filter:
    45. 

  45.             response.setdefault('X-XSS-Protection', '1; mode=block')
    46. 

  46. 

  47.         if self.referrer_policy:
    48. 

  48.             # Support a comma-separated string or iterable of values to allow
    49. 

  49.             # fallback.
    50. 

  50.             response.setdefault('Referrer-Policy', ','.join(
    51. 

  51.                 [v.strip() for v in self.referrer_policy.split(',')]
    52. 

  52.                 if isinstance(self.referrer_policy, str) else self.referrer_policy
    53. 

  53.             ))
    54. 

  54. 

  55.         return response
    56.