Chromium Code Reviews

Side by Side Diff: appengine/isolate/handlers_frontend.py

Issue 2681293003: Fix iframe security policy directives for viewing isolate content (Closed)
Patch Set: Fix iframe security policy directive with child-src (use 'self') Created 3 years, 10 months ago
OLD NEW
1 # Copyright 2012 The LUCI Authors. All rights reserved. 1 # Copyright 2012 The LUCI Authors. All rights reserved.
2 # Use of this source code is governed under the Apache License, Version 2.0 2 # Use of this source code is governed under the Apache License, Version 2.0
3 # that can be found in the LICENSE file. 3 # that can be found in the LICENSE file.
4 4
5 """This module defines Isolate Server frontend url handlers.""" 5 """This module defines Isolate Server frontend url handlers."""
6 6
7 import cgi 7 import cgi
8 import datetime 8 import datetime
9 import json 9 import json
10 import logging 10 import logging
(...skipping 187 matching lines...)
198 # Check for existence of element, so we can 400/404 198 # Check for existence of element, so we can 400/404
199 if digest and namespace: 199 if digest and namespace:
200 try: 200 try:
201 model.get_content(namespace, digest) 201 model.get_content(namespace, digest)
202 except ValueError: 202 except ValueError:
203 self.abort(400, 'Invalid key') 203 self.abort(400, 'Invalid key')
204 except LookupError: 204 except LookupError:
205 self.abort(404, 'Unable to retrieve the entry') 205 self.abort(404, 'Unable to retrieve the entry')
206 self.response.write(template.render('isolate/browse.html', params)) 206 self.response.write(template.render('isolate/browse.html', params))
207 207
208 def get_content_security_policy(self):
209 csp = super(BrowseHandler, self).get_content_security_policy()
210 csp.setdefault('child-src', []).append("'self'")
211 return csp
212
208 213
209 class ContentHandler(auth.AuthenticatingHandler): 214 class ContentHandler(auth.AuthenticatingHandler):
210 @auth.autologin 215 @auth.autologin
211 @auth.require(acl.isolate_readable) 216 @auth.require(acl.isolate_readable)
212 def get(self): 217 def get(self):
213 namespace = self.request.get('namespace', 'default-gzip') 218 namespace = self.request.get('namespace', 'default-gzip')
214 digest = self.request.get('digest', '') 219 digest = self.request.get('digest', '')
215 content = None 220 content = None
216 221
217 if digest and namespace: 222 if digest and namespace:
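Review bot: in the new BrowseHandler.get_content_security_policy, `csp.setdefault('child-src', []).append("'self'")` mutates in place whatever the base class returns. The base implementation is not visible in this file, so if it hands back a shared or cached dict (or shared lists inside it), each request to BrowseHandler appends another 'self' entry and the relaxed directive leaks into the policy of other handlers. Either confirm the base method builds a fresh dict per call or copy the dict and the 'child-src' list before appending. A short comment on the override saying why browse needs this (it frames isolate content, per the issue title) would help the next reader. child-src governs workers as well as nested browsing contexts, so if only the iframe is needed, frame-src would be the narrower grant. A test asserting the resulting header for this handler would keep the directive from regressing.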
(...skipping 189 matching lines...)
407 def create_application(debug): 412 def create_application(debug):
408 """Creates the url router. 413 """Creates the url router.
409 414
410 The basic layouts is as follow: 415 The basic layouts is as follow:
411 - /restricted/.* requires being an instance administrator. 416 - /restricted/.* requires being an instance administrator.
412 - /stats/.* has statistics. 417 - /stats/.* has statistics.
413 """ 418 """
414 acl.bootstrap() 419 acl.bootstrap()
415 template.bootstrap() 420 template.bootstrap()
416 return webapp2.WSGIApplication(get_routes(), debug=debug) 421 return webapp2.WSGIApplication(get_routes(), debug=debug)