Add security headers
albertkol committed Jan 6, 2021
1 parent 699cc34 commit b982c9c
Showing 2 changed files with 15 additions and 0 deletions.
7 changes: 7 additions & 0 deletions canonicalwebteam/flask_base/app.py
@@ -19,6 +19,12 @@
)


def set_security_headers(response):
response.headers["X-Frame-Options"] = "SAMEORIGIN"

return response


def set_cache_control_headers(response):
if flask.request.path.startswith("/_status"):
response.cache_control.no_store = True
@@ -82,6 +88,7 @@ def __init__(
)
)

self.after_request(set_security_headers)
self.after_request(set_cache_control_headers)

self.context_processor(base_context)
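Review bot: `set_security_headers` assigns `X-Frame-Options` unconditionally, so a view that already set a stricter value such as `DENY` has it replaced with `SAMEORIGIN` on the way out. `response.headers.setdefault("X-Frame-Options", "SAMEORIGIN")` keeps the app-wide default while leaving a value chosen by the view in place. The function also has no docstring; one line saying it is an after-request hook that restricts framing to same-origin pages would help. Browsers that implement CSP give `Content-Security-Policy: frame-ancestors 'self'` precedence over this header, so sending both would be worth considering in a follow-up.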
8 changes: 8 additions & 0 deletions tests/test_flask_base.py
@@ -52,6 +52,14 @@ def test_wsgi_app(self):
app = self.create_app()
self.assertIsInstance(app.wsgi_app, ProxyFix)

def test_security_headers(self):
with create_test_app().test_client() as client:
response = client.get("page")
self.assertEqual(
response.headers.get("X-Frame-Options"),
"SAMEORIGIN",
)

def test_default_cache_headers(self):
with create_test_app().test_client() as client:
cached_response = client.get("page")
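Review bot: `test_security_headers` asserts the header on a single request to `"page"` without checking the status code, so the test does not show which kind of response was covered. Adding `self.assertEqual(response.status_code, 200)` before the header assertion pins the normal case. A second request to a path the test app does not serve would confirm the hook also applies to error responses. `test_default_cache_headers` continues outside the hunk and is not reviewed here.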
