diff options
Diffstat (limited to 'ipsilon/util/endpoint.py')
| -rw-r--r-- | ipsilon/util/endpoint.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/ipsilon/util/endpoint.py b/ipsilon/util/endpoint.py index f160329..0016bc2 100644 --- a/ipsilon/util/endpoint.py +++ b/ipsilon/util/endpoint.py @@ -4,6 +4,7 @@ import cherrypy from ipsilon.util.log import Log from ipsilon.util.user import UserSession from urllib import unquote +from functools import wraps try: from urlparse import urlparse except ImportError: @@ -11,6 +12,23 @@ except ImportError: from urllib.parse import urlparse +def allow_iframe(func): + """ + Remove the X-Frame-Options and CSP frame-options deny headers. + """ + @wraps(func) + def wrapper(*args, **kwargs): + result = func(*args, **kwargs) + for (header, value) in [ + ('X-Frame-Options', 'deny'), + ('Content-Security-Policy', 'frame-options \'deny\'')]: + if cherrypy.response.headers.get(header, None) == value: + cherrypy.response.headers.pop(header, None) + return result + + return wrapper + + class Endpoint(Log): def __init__(self, site): self._site = site @@ -19,6 +37,8 @@ class Endpoint(Log): self.default_headers = { 'Cache-Control': 'no-cache, no-store, must-revalidate, private', 'Pragma': 'no-cache', + 'Content-Security-Policy': 'frame-options \'deny\'', + 'X-Frame-Options': 'deny', } self.auth_protect = False |