DEV: Allow configuration of default headers.

Applies Content-Security-Policy: frame-ancestors 'self' by default.
This commit is contained in:
Scott Sanderson
2015-04-23 18:46:56 -04:00
parent 1674d2f698
commit 74d3740921
2 changed files with 15 additions and 2 deletions


@@ -71,6 +71,17 @@ class BaseHandler(RequestHandler):
self.db.rollback() self.db.rollback()
super(BaseHandler, self).finish(*args, **kwargs) super(BaseHandler, self).finish(*args, **kwargs)
def set_default_headers(self):
"""
Set any headers passed as tornado_settings['headers'].
By default sets Content-Security-Policy of frame-ancestors 'self'.
"""
headers = self.settings.get('headers', {})
headers.setdefault('Content-Security-Policy', "frame-ancestors 'self'")
for header_name, header_content in headers.items():
self.set_header(header_name, header_content)
#--------------------------------------------------------------- #---------------------------------------------------------------
# Login and cookie-related # Login and cookie-related
#--------------------------------------------------------------- #---------------------------------------------------------------
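Review bot: `headers.setdefault(...)` on the dict returned by `self.settings.get('headers', {})` mutates the application-level settings dict in place, so the first request permanently writes the default CSP into the shared `tornado_settings['headers']` object rather than into a per-request copy. Building the header map fresh keeps the setting read-only: `headers = {'Content-Security-Policy': "frame-ancestors 'self'"}` then `headers.update(self.settings.get('headers', {}))`, which preserves the same override semantics without the side effect. A docstring sentence would also help operators: a configured `Content-Security-Policy` replaces the default entirely, so anyone setting their own policy must re-state `frame-ancestors` to keep clickjacking protection. Since `frame-ancestors` is only honoured by browsers with CSP Level 2 support, consider also emitting `X-Frame-Options: SAMEORIGIN` as a fallback default, with the same configurable override.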


@@ -64,7 +64,9 @@ def api_request(app, *api_path, **kwargs):
url = ujoin(base_url, 'api', *api_path) url = ujoin(base_url, 'api', *api_path)
method = kwargs.pop('method', 'get') method = kwargs.pop('method', 'get')
f = getattr(requests, method) f = getattr(requests, method)
return f(url, **kwargs) resp = f(url, **kwargs)
assert resp.headers['Content-Security-Policy'] == "frame-ancestors 'self'"
return resp
def test_auth_api(app): def test_auth_api(app):
db = app.db db = app.db
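Review bot: The new assertion indexes `resp.headers['Content-Security-Policy']` directly, so a response without the header fails with a `KeyError` from inside the shared helper rather than a readable assertion; `assert resp.headers.get('Content-Security-Policy') == "frame-ancestors 'self'"` reports the actual value instead. Because `api_request` is the helper every API test goes through, hard-coding the default here also means any future test that configures its own `headers` setting will break in this helper rather than in its own assertion — a dedicated test for the default header (and one for an override) would keep that coupling out of the helper. The body of `api_request` begins before this hunk, so the remaining request-building code is not visible here.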