File: handlers.py

package info (click to toggle)
jupyter-notebook 6.4.13-5
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 13,860 kB
  • sloc: javascript: 20,765; python: 15,658; makefile: 255; sh: 160
file content (32 lines) | stat: -rw-r--r-- 882 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
"""Tornado handlers for security logging."""

# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.

from tornado import web

from ...base.handlers import APIHandler
from . import csp_report_uri

class CSPReportHandler(APIHandler):
    '''Accepts a content security policy violation report'''

    _track_activity = False

    def skip_check_origin(self):
        """Don't check origin when reporting origin-check violations!"""
        return True

    def check_xsrf_cookie(self):
        # don't check XSRF for CSP reports
        return

    @web.authenticated
    def post(self):
        '''Log a content security policy violation report'''
        self.log.warning("Content security violation: %s",
                      self.request.body.decode('utf8', 'replace'))

default_handlers = [
    (csp_report_uri, CSPReportHandler)
]