Python flask_talisman.Talisman() Examples
The following are 5
code examples of flask_talisman.Talisman().
Example #1
Source File: talisman_test.py From flask-talisman with Apache License 2.0 | 6 votes |
def testFeaturePolicy(self):
    """Feature-Policy entries set on the extension appear on HTTPS responses.

    Covers per-feature assignment on ``self.talisman.feature_policy`` and a
    whole policy passed as a plain string when ``Talisman`` is constructed.
    """
    # NOTE: browsers have superseded Feature-Policy with Permissions-Policy;
    # this test only pins how the Feature-Policy header is serialised.
    expectations = (
        ("geolocation", "'none'", "geolocation 'none'"),
        ("fullscreen", "'self' example.com", "fullscreen 'self' example.com"),
    )
    for feature, allowlist, expected in expectations:
        self.talisman.feature_policy[feature] = allowlist
        resp = self.client.get('/', environ_overrides=HTTPS_ENVIRON)
        header = resp.headers['Feature-Policy']
        self.assertIn(expected, header)

    # A complete policy may also be given as a string at construction time.
    fresh_app = flask.Flask(__name__)
    Talisman(fresh_app, feature_policy="vibrate 'none'")
    resp = fresh_app.test_client().get('/', environ_overrides=HTTPS_ENVIRON)
    self.assertIn("vibrate 'none'", resp.headers['Feature-Policy'])
Example #2
Source File: talisman_test.py From flask-talisman with Apache License 2.0 | 5 votes |
def setUp(self):
    """Build a fresh Flask app wrapped by Talisman with no extra options.

    Each test gets its own app, extension instance and test client, plus
    the two views (``/`` and ``/with_nonce``) that the assertions request.
    """
    flask_app = flask.Flask(__name__)
    self.app = flask_app
    self.talisman = Talisman(flask_app)
    self.client = flask_app.test_client()
    # Register the views by calling the route decorator directly.
    for url, view in (('/', hello_world), ('/with_nonce', with_nonce)):
        flask_app.route(url)(view)
Example #3
Source File: talisman_test.py From flask-talisman with Apache License 2.0 | 5 votes |
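def testContentSecurityPolicyOptions(self):
    """CSP can be edited per directive, replaced by a string, or disabled.

    Exercises four ways of configuring the policy: a single source for one
    directive, a list of sources, a raw policy string (set on the instance
    and at construction), and ``False`` to emit no CSP header at all.
    """
    # ``img-src`` is the actual CSP directive for images. Browsers ignore
    # unknown directive names such as ``image-src``, so a policy copied
    # from a test using that name would silently restrict nothing.
    self.talisman.content_security_policy['img-src'] = '*'
    response = self.client.get('/', environ_overrides=HTTPS_ENVIRON)
    csp = response.headers['Content-Security-Policy']
    self.assertEqual(csp, "default-src 'self'; img-src *")

    # A list of sources is joined into one space-separated directive.
    self.talisman.content_security_policy['img-src'] = [
        '\'self\'',
        'example.com'
    ]
    response = self.client.get('/', environ_overrides=HTTPS_ENVIRON)
    csp = response.headers['Content-Security-Policy']
    self.assertIn('default-src \'self\'', csp)
    self.assertIn('img-src \'self\' example.com', csp)

    # string policy: emitted verbatim, replacing the dict-based policy
    self.talisman.content_security_policy = 'default-src \'foo\' spam.eggs'
    response = self.client.get('/', environ_overrides=HTTPS_ENVIRON)
    self.assertEqual(response.headers['Content-Security-Policy'],
                     'default-src \'foo\' spam.eggs')

    # no policy: ``False`` drops the header entirely, so the response
    # carries no CSP protection unless something else sets one.
    self.talisman.content_security_policy = False
    response = self.client.get('/', environ_overrides=HTTPS_ENVIRON)
    self.assertNotIn('Content-Security-Policy', response.headers)

    # string policy at initialization
    app = flask.Flask(__name__)
    Talisman(app, content_security_policy='default-src \'foo\' spam.eggs')
    response = app.test_client().get('/', environ_overrides=HTTPS_ENVIRON)
    self.assertIn(
        'default-src \'foo\' spam.eggs',
        response.headers['Content-Security-Policy']
    )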
Example #4
Source File: talisman_test.py From flask-talisman with Apache License 2.0 | 5 votes |
def testContentSecurityPolicyOptionsReport(self):
    """Report-only mode emits only the ``*-Report-Only`` CSP headers.

    Also checks that a ``report-uri`` given inside the policy dict shows up
    in the header, and that enabling report-only without any report URI is
    rejected with ``ValueError``.
    """
    report_only = 'Content-Security-Policy-Report-Only'

    # Report-only: browsers report violations but do not enforce the
    # policy, so the enforcing headers must be absent.
    self.talisman.content_security_policy_report_only = True
    self.talisman.content_security_policy_report_uri = 'https://example.com'
    headers = self.client.get('/', environ_overrides=HTTPS_ENVIRON).headers
    for name in (report_only, 'X-Content-Security-Policy-Report-Only'):
        self.assertIn(name, headers)
    self.assertIn('report-uri', headers[report_only])
    for name in ('Content-Security-Policy', 'X-Content-Security-Policy'):
        self.assertNotIn(name, headers)

    # A report-uri supplied in the policy dict appears in the header.
    override_report_uri = 'https://report-uri.io/'
    self.talisman.content_security_policy = {
        'report-uri': override_report_uri,
    }
    headers = self.client.get('/', environ_overrides=HTTPS_ENVIRON).headers
    self.assertIn(report_only, headers)
    self.assertIn(override_report_uri, headers[report_only])

    # Report-only with nowhere to send reports is a configuration error.
    with self.assertRaises(ValueError):
        Talisman(self.app, content_security_policy_report_only=True)
Example #5
Source File: build.py From code-coverage with Mozilla Public License 2.0 | 5 votes |
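def build_flask_app(project_name, app_name, openapi):
    """
    Create a new Flask backend application.

    app_name is the Python application name, used as Flask import_name
    project_name is a "nice" name, used to identify the application
    openapi is the path to the OpenAPI specification file to serve

    Returns the connexion application; the underlying Flask app is
    ``app.app``. Raises AssertionError when the openapi file is missing.
    """
    # Raise explicitly instead of using ``assert``: assert statements are
    # stripped under ``python -O``, which would skip this check entirely.
    # The exception type is kept so existing callers are unaffected.
    if not os.path.exists(openapi):
        raise AssertionError("Missing openapi file {}".format(openapi))
    logger.debug("Initializing", app=app_name, openapi=openapi)

    # Start OpenAPI app
    app = connexion.App(import_name=app_name)
    app.name = project_name
    app.add_api(openapi)

    # Enable security headers; the actual policy comes from
    # TALISMAN_CONFIG, which is defined outside this function.
    security = flask_talisman.Talisman()
    security.init_app(app.app, **TALISMAN_CONFIG)

    # Enable wildcard CORS
    # NOTE(review): origins=["*"] lets any site read these responses from
    # a browser. Confirm every route is meant to be public and that no
    # endpoint relies on cookies or other ambient credentials; otherwise
    # restrict this to an explicit origin allow-list.
    cors = flask_cors.CORS()
    cors.init_app(app.app, origins=["*"])

    # Add exception Json renderer (only the exception classes are needed,
    # not the status codes they are keyed by)
    for exception in werkzeug.exceptions.default_exceptions.values():
        app.app.register_error_handler(exception, handle_default_exceptions)

    # Redirect root to API
    app.add_url_rule(
        "/", "root", lambda: flask.redirect(app.options.openapi_console_ui_path)
    )

    # Dockerflow checks
    app.add_url_rule("/__heartbeat__", view_func=heartbeat_response)
    app.add_url_rule("/__lbheartbeat__", view_func=lbheartbeat_response)
    app.add_url_rule("/__version__", view_func=get_version)

    logger.debug("Initialized", app=app.name)
    return app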