mirror of
https://github.com/open-webui/open-webui
synced 2024-12-29 07:12:07 +00:00
Feature to set HTTP header "Content-Security-Policy"
Introduce CONTENT_SECURITY_POLICY environment variable to set HTTP header "Content-Security-Policy". Content Security Policy (CSP) is a feature that helps to prevent or minimize the risk of certain types of security threats. It consists of a series of instructions from a website to a browser, which instruct the browser to place restrictions on the things that the code comprising the site is allowed to do. https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
This commit is contained in:
parent
3792051604
commit
541ff6b41a
@ -27,6 +27,7 @@ def set_security_headers() -> Dict[str, str]:
|
|||||||
- x-download-options
|
- x-download-options
|
||||||
- x-frame-options
|
- x-frame-options
|
||||||
- x-permitted-cross-domain-policies
|
- x-permitted-cross-domain-policies
|
||||||
|
- content-security-policy
|
||||||
|
|
||||||
Each environment variable is associated with a specific setter function
|
Each environment variable is associated with a specific setter function
|
||||||
that constructs the header. If the environment variable is set, the
|
that constructs the header. If the environment variable is set, the
|
||||||
@ -45,6 +46,7 @@ def set_security_headers() -> Dict[str, str]:
|
|||||||
"XDOWNLOAD_OPTIONS": set_xdownload_options,
|
"XDOWNLOAD_OPTIONS": set_xdownload_options,
|
||||||
"XFRAME_OPTIONS": set_xframe,
|
"XFRAME_OPTIONS": set_xframe,
|
||||||
"XPERMITTED_CROSS_DOMAIN_POLICIES": set_xpermitted_cross_domain_policies,
|
"XPERMITTED_CROSS_DOMAIN_POLICIES": set_xpermitted_cross_domain_policies,
|
||||||
|
"CONTENT_SECURITY_POLICY": set_content_security_policy,
|
||||||
}
|
}
|
||||||
|
|
||||||
for env_var, setter in header_setters.items():
|
for env_var, setter in header_setters.items():
|
||||||
@ -124,3 +126,7 @@ def set_xpermitted_cross_domain_policies(value: str):
|
|||||||
if not match:
|
if not match:
|
||||||
value = "none"
|
value = "none"
|
||||||
return {"X-Permitted-Cross-Domain-Policies": value}
|
return {"X-Permitted-Cross-Domain-Policies": value}
|
||||||
|
|
||||||
|
# Set Content-Security-Policy response header
|
||||||
|
def set_content_security_policy(value: str):
|
||||||
|
return {"Content-Security-Policy": value}
|
||||||
|
Loading…
Reference in New Issue
Block a user