<div dir="ltr">
<div>Har Dere sett koden for HTTP Content-Security-Policy i Python?</div><div><br></div><div>#!/usr/bin/env python3<br><br>from http.server import HTTPServer, BaseHTTPRequestHandler<br>from urllib.parse import *<br><br>class MyHTTPRequestHandler(BaseHTTPRequestHandler):<br> def do_GET(self):<br> o = urlparse(self.path)<br> f = open("." + o.path, 'rb') <br> self.send_response(200)<br> self.send_header('Content-Security-Policy', <br> "default-src 'self';"<br> "script-src 'self' *.<a href="http://oka.no:8000">oka.no:8000</a> 'nonce-1rA2345' ") <br> self.send_header('Content-type', 'text/html')<br> self.end_headers()<br> self.wfile.write(f.read())<br> f.close()<br><br>httpd = HTTPServer(('127.0.0.1', 8000), MyHTTPRequestHandler)<br>httpd.serve_forever()</div><div><br></div><div>Regner med at Nikita også må ha en CSP nonce regel som eksplisitt tillater ekskvering av JavaScript, men at denne koden må skrives i Java.<br></div><div><br></div><div>Se <a href="https://content-security-policy.com/nonce/">https://content-security-policy.com/nonce/</a> og <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP">https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP</a></div><div><br></div><div>
<span class="gmail-ILfuVd" lang="en"><span class="gmail-hgKElc">Content-Security-Policy is <b>the name of a HTTP response header that modern browsers use to enhance the security of the document (or web page)</b>.
The Content-Security-Policy header allows you to restrict which
resources (such as JavaScript, CSS, Images, etc.) can be loaded, and the
URLs that they can be loaded from.</span></span> <br></div><div><br></div>
<span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span><div dir="auto"><div dir="auto"><p>Mvh,</p><p>Ole Aamot</p></div><div dir="auto"><p>Aamot Engineering</p><p><a href="mailto:post@as.engineering" target="_blank">post@as.engineering</a></p></div><div dir="auto"><p><a href="http://www.as.engineering/" target="_blank">www.as.engineering</a></p></div></div></span></div></div></div>