pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Suggestions from http://flask.pocoo.org/docs/1.0/security/

Browse Source
This commit is contained in:
George Drummond 2018-12-12 13:36:29 -05:00
parent 809ab9547a
commit 5da374bbc9
No known key found for this signature in database
GPG Key ID: 296DD6077123BF17
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
atst/app.py
View File

@ -71,6 +71,7 @@ def make_app(config):
app.form_cache = FormCache(app.redis) app.form_cache = FormCache(app.redis)
apply_authentication(app) apply_authentication(app)
set_default_headers(app)
return app return app
@ -91,6 +92,20 @@ def make_flask_callbacks(app):
return response return response
def set_default_headers(app):
@app.after_request
def _set_security_headers(response):
response.headers[
"Strict-Transport-Security"
] = "max-age=31536000; includeSubDomains"
response.headers["Content-Security-Policy"] = "default-src 'self'"
response.headers["X-Content-Type-Options"] = "nosniff"
response.headers["X-Frame-Options"] = "SAMEORIGIN"
response.headers["X-XSS-Protection"] = "1; mode=block"
return response
def map_config(config): def map_config(config):
return { return {
**config["default"], **config["default"],

2
templates/components/alert.html
View File

@ -54,7 +54,7 @@
{% elif actions is iterable %} {% elif actions is iterable %}
{% for action in actions %} {% for action in actions %}
<a href={{ action["href"] }} class='icon-link'> <a href='{{ action["href"] }}' class='icon-link'>
{% if 'icon' in action %}{{ Icon(action["icon"]) }}{% endif %} {% if 'icon' in action %}{{ Icon(action["icon"]) }}{% endif %}
<span>{{ action["label"] }}</span> <span>{{ action["label"] }}</span>
</a> </a>