mirror of
https://github.com/open-webui/open-webui
synced 2024-12-28 14:52:23 +00:00
Merge pull request #7493 from diwakar-s-maurya/dev
feat: Feature to set HTTP header "Content-Security-Policy"
This commit is contained in:
Timothy Jaeryang Baek
GitHub
commit
0b17ff6eef
@ -27,6 +27,7 @@ def set_security_headers() -> Dict[str, str]:
|
|||||||
- x-download-options
|
- x-download-options
|
||||||
- x-frame-options
|
- x-frame-options
|
||||||
- x-permitted-cross-domain-policies
|
- x-permitted-cross-domain-policies
|
||||||
|
- content-security-policy
|
||||||
|
|
||||||
Each environment variable is associated with a specific setter function
|
Each environment variable is associated with a specific setter function
|
||||||
that constructs the header. If the environment variable is set, the
|
that constructs the header. If the environment variable is set, the
|
||||||
@ -45,6 +46,7 @@ def set_security_headers() -> Dict[str, str]:
|
|||||||
"XDOWNLOAD_OPTIONS": set_xdownload_options,
|
"XDOWNLOAD_OPTIONS": set_xdownload_options,
|
||||||
"XFRAME_OPTIONS": set_xframe,
|
"XFRAME_OPTIONS": set_xframe,
|
||||||
"XPERMITTED_CROSS_DOMAIN_POLICIES": set_xpermitted_cross_domain_policies,
|
"XPERMITTED_CROSS_DOMAIN_POLICIES": set_xpermitted_cross_domain_policies,
|
||||||
|
"CONTENT_SECURITY_POLICY": set_content_security_policy,
|
||||||
}
|
}
|
||||||
|
|
||||||
for env_var, setter in header_setters.items():
|
for env_var, setter in header_setters.items():
|
||||||
@ -124,3 +126,7 @@ def set_xpermitted_cross_domain_policies(value: str):
|
|||||||
if not match:
|
if not match:
|
||||||
value = "none"
|
value = "none"
|
||||||
return {"X-Permitted-Cross-Domain-Policies": value}
|
return {"X-Permitted-Cross-Domain-Policies": value}
|
||||||
|
|
||||||
|
# Set Content-Security-Policy response header
|
||||||
|
def set_content_security_policy(value: str):
|
||||||
|
return {"Content-Security-Policy": value}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user