import os, sys
# Put the directory three levels above this file at the front of sys.path so
# that imports can resolve from there.
# NOTE(review): position 0 is searched before every later entry, so any module
# in that directory whose name matches an installed package is imported in its
# place. Keep the directory free of such name collisions and not writable by
# less-trusted users; installing the project as a package would remove the need
# for this line.
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))

from starlette.middleware.base import BaseHTTPMiddleware
from starlette.requests import Request

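# Content-Security-Policy value attached to every response.
#
# NOTE(review): 'unsafe-inline' in script-src permits inline <script> blocks and
# event-handler attributes, so the policy does little to contain an HTML
# injection bug. Moving inline scripts into files (or using nonces/hashes)
# would allow it to be dropped.
# NOTE(review): script-src trusts an entire shared CDN host, so any script
# published there is loadable by the page. Self-hosting the needed files, or
# pinning them with Subresource Integrity, narrows that trust.
# NOTE(review): fonts.googleapis.com appears in script-src; it is presumably
# only needed for stylesheets -- confirm and remove it from script-src if so.
# NOTE(review): form-action is not set and does not fall back to default-src,
# so form submission targets are unrestricted by this policy.
CSP = (
    "default-src 'self'; "
    "script-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; "
    "style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; "
    "font-src 'self' https://fonts.gstatic.com; "
    "img-src 'self' data: https:; "
    "connect-src 'self' https://*.hf.space wss://*.hf.space https://fonts.googleapis.com; "
    "frame-ancestors 'none'; "
    "base-uri 'self';"
)

# Response headers applied by the middleware, keyed by header name.
HEADERS = {
    "Content-Security-Policy": CSP,
    # One year, covering subdomains; browsers honour this only over HTTPS.
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    # Legacy equivalent of the CSP frame-ancestors 'none' directive above.
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "geolocation=(), microphone=(), camera=()",
    # Was "1; mode=block". The XSS auditor this header controls has been removed
    # from current browsers, and where it still exists its filtering has itself
    # been a source of security bugs. "0" switches it off explicitly and leaves
    # the CSP as the control.
    "X-XSS-Protection": "0",
}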


class SecurityHeadersMiddleware(BaseHTTPMiddleware):
    """Attach the module-level ``HEADERS`` to every response that passes through."""

    async def dispatch(self, request: Request, call_next):
        """Run the downstream handler, then set each security header on its response.

        Each header is assigned unconditionally, so a value set further down
        the stack under the same name is replaced by the one from ``HEADERS``.
        If ``call_next`` raises, the exception propagates before any header is
        set; an error response produced further out does not get them here.
        """
        downstream_response = await call_next(request)
        for name in HEADERS:
            downstream_response.headers[name] = HEADERS[name]
        return downstream_response