Merge pull request #7493 from diwakar-s-maurya/dev

feat: Feature to set HTTP header "Content-Security-Policy"
Timothy Jaeryang Baek 2024-11-30 18:11:20 -08:00 committed by GitHub
commit 0b17ff6eef
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -27,6 +27,7 @@ def set_security_headers() -> Dict[str, str]:
- x-download-options
- x-frame-options
- x-permitted-cross-domain-policies
- content-security-policy
Each environment variable is associated with a specific setter function
that constructs the header. If the environment variable is set, the
@ -45,6 +46,7 @@ def set_security_headers() -> Dict[str, str]:
"XDOWNLOAD_OPTIONS": set_xdownload_options,
"XFRAME_OPTIONS": set_xframe,
"XPERMITTED_CROSS_DOMAIN_POLICIES": set_xpermitted_cross_domain_policies,
"CONTENT_SECURITY_POLICY": set_content_security_policy,
}
for env_var, setter in header_setters.items():
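Review bot: the new "CONTENT_SECURITY_POLICY" entry wires up only the enforcing header, so an operator has no way to trial a policy before it starts blocking resources. Consider a companion variable mapped to Content-Security-Policy-Report-Only, and document beside this mapping that the value must be the complete policy string, with directives separated by semicolons and the whole string quoted as a single environment value.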
@ -124,3 +126,7 @@ def set_xpermitted_cross_domain_policies(value: str):
if not match:
value = "none"
return {"X-Permitted-Cross-Domain-Policies": value}
# Set Content-Security-Policy response header
def set_content_security_policy(value: str):
return {"Content-Security-Policy": value}
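Review bot: set_content_security_policy returns the environment value unchanged, whereas the sibling set_xpermitted_cross_domain_policies directly above checks its input and falls back to "none" when it does not match. Full grammar validation is not practical for a CSP, but the setter could at least strip surrounding whitespace, reject a value containing CR or LF, and return an empty dict for an empty string so that a blank variable does not emit an empty Content-Security-Policy header. The function also lacks the "-> Dict[str, str]" return annotation used on set_security_headers, and the leading comment would read better as a docstring.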