当前位置: 首页>>代码示例>>Python>>正文


Python exc.HTTPForbidden类代码示例

本文整理汇总了Python中webob.exc.HTTPForbidden的典型用法代码示例。如果您正苦于以下问题:Python HTTPForbidden类的具体用法?Python HTTPForbidden怎么用?Python HTTPForbidden使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了HTTPForbidden类的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: __call__

    def __call__(self, environ, start_response):
        request = Request(environ)
        session = environ['beaker.session']
        session.save()

        if request.method == 'POST':
            # check to see if we want to process the post at all
            if (self.unprotected_path is not None
                and request.path_info.startswith(self.unprotected_path)):
                resp = request.get_response(self.app)
                return resp(environ, start_response)

            csrf_token = session.id
            # check incoming token
            try:
                request_csrf_token = request.POST['csrfmiddlewaretoken']
                if request_csrf_token != csrf_token:
                    resp = HTTPForbidden(_ERROR_MSG)
                else:
                    resp = request.get_response(self.app)
            except KeyError:
                resp = HTTPForbidden(_ERROR_MSG)
        # if we're a get, we don't do any checking
        else:
            resp = request.get_response(self.app)

        if resp.status_int != 200:
            return resp(environ, start_response)

        session = environ['beaker.session']
        csrf_token = session.id

        if resp.content_type.split(';')[0] in _HTML_TYPES:
            # ensure we don't add the 'id' attribute twice (HTML validity)
            idattributes = itertools.chain(('id="csrfmiddlewaretoken"',), 
                                            itertools.repeat(''))
            def add_csrf_field(match):
                """Returns the matched <form> tag plus the added <input> element"""
                return match.group() + '<div style="display:none;">' + \
                '<input type="hidden" ' + idattributes.next() + \
                ' name="csrfmiddlewaretoken" value="' + csrf_token + \
                '" /></div>'

            # Modify any POST forms and fix content-length
            resp.body = _POST_FORM_RE.sub(add_csrf_field, resp.body)

        return resp(environ, start_response)
开发者ID:socialplanning,项目名称:CSRFMiddleware,代码行数:47,代码来源:__init__.py

示例2: __call__

    def __call__(self, environ, start_response):
        request = Request(environ)
        session = environ['beaker.session']
        csrf_token = session.get('csrf')
        if not csrf_token:
            csrf_token = session['csrf'] = str(random.getrandbits(128))
            session.save()

        if request.method == 'POST':
            # check to see if we want to process the post at all
            if (self.unprotected_path is not None
                and request.path_info.startswith(self.unprotected_path)):
                resp = request.get_response(self.app)
                resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
                resp.set_cookie('csrf', csrf_token, max_age=3600)
                return resp(environ, start_response)

            # check incoming token
            try:
                account_data = request.POST.get('account', None)
                request_csrf_token = environ.get('HTTP_X_CSRF', request.POST.get('csrftoken'))
                if account_data is None and request_csrf_token != csrf_token:
                    resp = HTTPForbidden(_ERROR_MSG)
                    metrics.track(request, 'invalid-session')
                    resp.headers['X-Error'] = 'CSRF'
                else:
                    resp = request.get_response(self.app)
            except KeyError:
                resp = HTTPForbidden(_ERROR_MSG)
                resp.headers['X-Error'] = 'CSRF'
        # if we're a get, we don't do any checking
        else:
            resp = request.get_response(self.app)

        if resp.status_int != 200:
            return resp(environ, start_response)

        resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
        resp.set_cookie('csrf', csrf_token, max_age=3600)

        if resp.content_type.split(';')[0] in _HTML_TYPES:
            # ensure we don't add the 'id' attribute twice (HTML validity)
            idattributes = itertools.chain(('id="csrfmiddlewaretoken"',),
                                            itertools.repeat(''))
            def add_csrf_field(match):
                """Returns the matched <form> tag plus the added <input> element"""
                return match.group() + '<div style="display:none;">' + \
                '<input type="hidden" ' + idattributes.next() + \
                ' name="csrftoken" value="' + csrf_token + \
                '" /></div>'

            # Modify any POST forms and fix content-length
            resp.body = _POST_FORM_RE.sub(add_csrf_field, resp.body)

        return resp(environ, start_response)
开发者ID:SriramBms,项目名称:f1,代码行数:55,代码来源:csrf.py

示例3: __call__

    def __call__(self, environ, start_response):
        request = Request(environ)
        session = environ["beaker.session"]
        csrftoken = session.get("csrftoken")
        if not csrftoken:
            csrftoken = session["csrftoken"] = str(random.getrandbits(128))
            session.save()

        if request.method == "POST":
            if self.unprotected_path is not None and request.path_info.startswith(self.unprotected_path):
                resp = request.get_response(self.app)
                resp.headers["X-Frame-Options"] = "SAMEORIGIN"
                resp.set_cookie("csrftoken", csrftoken, max_age=3600)
                return resp(environ, start_response)

            # check for incoming csrf token
            try:
                request_csrf_token = environ.get("HTTP_X_CSRFTOKEN", request.POST.get("csrftoken"))
                if request_csrf_token != csrftoken:
                    resp = HTTPForbidden("CSRF - Aborted.")
                else:
                    resp = request.get_response(self.app)
            except KeyError:
                resp = HTTPForbidden("Forbidden: Administrator has been notified.")
        else:
            resp = request.get_response(self.app)

        if resp.status_int != 200:
            return resp(environ, start_response)

        resp.headers["X-Frame-Options"] = "SAMEORIGIN"
        resp.set_cookie("csrftoken", csrftoken, max_age=3600)

        if resp.content_type.split(";")[0] in ["text/html", "application/xhtml+xml"]:
            # ensure we don't add the 'id' attribute twice (HTML validity)
            id_attr = itertools.chain(('id="csrftoken"',), itertools.repeat(""))

            def add_csrf_field(match):
                """Returns the matched <form> tag and adds the <input> element"""
                return match.group() + (
                    '<input type="hidden" ' + id_attr.next() + ' name="csrftoken" value="' + csrftoken + '" />'
                )

            # Modify any POST forms and fix content-length
            body = re.compile(r"(<form\W.*)", re.IGNORECASE)
            resp.body = body.sub(add_csrf_field, resp.body)

        return resp(environ, start_response)
开发者ID:regularex,项目名称:PyBlox,代码行数:48,代码来源:middleware.py

示例4: __init__

 def __init__(self, error_name):
     HTTPForbidden.__init__(self)
     self.explanation = error_list[error_name]
开发者ID:ahyanah,项目名称:reddit,代码行数:3,代码来源:errors.py


注:本文中的webob.exc.HTTPForbidden类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。