1Vh*dZddlZddlmZddlmZddlmZddlm Z e jZ dZ dZ d d gd d gd gd gd ZejdGddZdZGddZy)z0Validates responses and their security features.N) Collection)Headers)http) tb_loggingz text/htmlz default-srcz'unsafe-inline'zdata:zblob:z 'unsafe-eval')z style-srczimg-srcz script-srczfont-srcT)frozenc,eZdZUdZeed<eeed<y) DirectivezContent security policy directive. Loosely follow vocabulary from https://www.w3.org/TR/CSP/#framework-directives. Attributes: name: A non-empty string. value: A collection of non-empty strings. namevalueN)__name__ __module__ __qualname____doc__str__annotations__rV/home/dcms/DCMS/lib/python3.12/site-packages/tensorboard/backend/security_validator.pyr r ,s I c?rr c4tjd|zy)Nz-In 3.0, this warning will become an error: %s)loggerwarning) error_msgs r_maybe_raise_value_errorr;s NNCiOPrc@eZdZdZdZdZdZdZdZdZ dZ d Z y ) SecurityValidatorMiddlewareaWSGI middleware validating security on response. It validates: - responses have Content-Type - responses have X-Content-Type-Options: nosniff - text/html responses have CSP header. It also validates whether the CSP headers pass basic requirement. e.g., default-src should be present, cannot use "*" directive, and others. For more complete list, please refer to _validate_csp_policies. Instances of this class are WSGI applications (see PEP 3333). c||_y)zInitializes an `SecurityValidatorMiddleware`. Args: application: The WSGI application to wrap (see PEP 3333). N _application)self applications r__init__z$SecurityValidatorMiddleware.__init__Ns (rc8dfd }j||S)Nc:j||||SN)_validate_headers)statusheadersexc_inforstart_responses rstart_response_proxyzBSecurityValidatorMiddleware.__call__..start_response_proxyWs  " "7 +!&'8< ??rct|}|j||j||j|yr$)r_validate_content_type _validate_x_content_type_options_validate_csp_headers)r headers_listr's rr%z-SecurityValidatorMiddleware._validate_headers]s6,' ##G, --g6 ""7+rc>|jdrytdy)N Content-Typez&Content-Type is required on a Responsegetr)rr's rr.z2SecurityValidatorMiddleware._validate_content_typecs ;;~ &  !IJrcH|jd}|dk(rytdy)NzX-Content-Type-Optionsnosniffz2X-Content-Type-Options is required to be "nosniff"r4)rr'options rr/z ! =H 228< z2SecurityValidatorMiddleware._validate_csp_policiess ! 'I>>D" '"1"MT=M5MKOOD"55X%(''1'' 3KRRUS!!#&5 ' '<   B   $TYYz%: ; rc4|jd}g}|D]}|j}|s|jdd}|d}t|dk(r|dnd}|j}|j}t ||} |j | |S)N;rrE)splitstriplenlowerr rK) rrCcsp_srcspolicytoken token_fragr valuesr rOs rr=z1SecurityValidatorMiddleware._parse_serialized_csps>>#& %EKKMET1-Ja=D&)*o&:Z]F::r=rrrrr@s2 (@, K   .(rfs7+'     $W-!##   d#  $ Q KKr