我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用flask.request.is_secure(注意:is_secure是属性而不是方法,读取时不加括号)。
def protect(self):
    """Enforce CSRF protection for the current request.

    Methods not listed in ``WTF_CSRF_METHODS`` pass through unchecked.
    For the others the CSRF token must validate, and when the request is
    seen as HTTPS with ``WTF_CSRF_SSL_STRICT`` enabled the Referer header
    must be present and same-origin with ``https://<request.host>/``.

    Returns:
        ``None`` when the request is accepted or not subject to the check,
        otherwise the value produced by ``self._error_response``.
    """
    settings = self._app.config
    if request.method not in settings['WTF_CSRF_METHODS']:
        return

    if not validate_csrf(self._get_csrf_token()):
        return self._error_response('CSRF token missing or incorrect.')

    # NOTE(review): request.is_secure reflects the scheme the WSGI server
    # reports. Behind a TLS-terminating proxy it stays False unless proxy
    # headers are handled, and then this strict Referer check never runs.
    if request.is_secure and settings['WTF_CSRF_SSL_STRICT']:
        referrer = request.referrer
        if not referrer:
            return self._error_response(
                'Referrer checking failed - no Referrer.')

        expected_origin = 'https://%s/' % request.host
        if not same_origin(referrer, expected_origin):
            return self._error_response(
                'Referrer checking failed - origin does not match.')

    # Flag the request so later code can tell the check has passed.
    request.csrf_valid = True
def protect(self):
    """Enforce CSRF protection for the current request.

    Methods not listed in ``WTF_CSRF_METHODS`` are skipped. A token that
    fails validation is logged and reported through
    ``self._error_response``. On HTTPS with ``WTF_CSRF_SSL_STRICT``
    enabled, a missing or cross-origin Referer is reported the same way.
    """
    if request.method not in current_app.config['WTF_CSRF_METHODS']:
        return

    try:
        validate_csrf(self._get_csrf_token())
    except ValidationError as err:
        message = err.args[0]
        logger.info(message)
        # NOTE(review): nothing returns after this call, so the check only
        # holds if _error_response raises/aborts -- confirm. If it returned
        # normally, control would fall through to g.csrf_valid = True.
        self._error_response(message)

    # NOTE(review): is_secure is False behind a TLS-terminating proxy unless
    # proxy headers are handled, which silently disables the Referer check.
    strict_https = (
        request.is_secure and current_app.config['WTF_CSRF_SSL_STRICT']
    )
    if strict_https:
        if not request.referrer:
            self._error_response('The referrer header is missing.')

        expected_origin = 'https://{0}/'.format(request.host)
        if not same_origin(request.referrer, expected_origin):
            self._error_response('The referrer does not match the host.')

    # Flag the request so later code can tell the check has passed.
    g.csrf_valid = True
def redirect_to_ssl(self):
    """Redirect a plain-HTTP request to its HTTPS equivalent.

    No redirect is issued when the request already counts as secure, the
    app runs in debug mode, ``X-Forwarded-Proto`` equals ``https``, or
    ``self.skip`` is set.

    Returns:
        A redirect response (301 when ``self.permanent`` is truthy, else
        302) for ``http://`` URLs, otherwise ``None``.
    """
    # NOTE(review): X-Forwarded-Proto is read straight from the request. It
    # is only trustworthy when a front proxy sets or overwrites it; a client
    # reaching the app directly can supply it and stay on plain HTTP.
    exemptions = (
        request.is_secure,
        current_app.debug,
        request.headers.get('X-Forwarded-Proto', 'http') == 'https',
    )
    if any(exemptions) or self.skip:
        return None

    if not request.url.startswith('http://'):
        return None

    target = request.url.replace('http://', 'https://', 1)
    status = 301 if self.permanent else 302
    return redirect(target, code=status)
def redirect_to_ssl(self):
    """Permanently redirect a plain-HTTP request to HTTPS.

    Skipped for user agents whose lower-cased User-Agent starts with
    ``self.exclude_user_agents``, and when the request already counts as
    secure, the app is in debug or testing mode, or ``X-Forwarded-Proto``
    equals ``https``.

    Returns:
        A 301 redirect for ``http://`` URLs, otherwise ``None``.
    """
    # NOTE(review): both headers below are client-supplied. The
    # X-Forwarded-Proto test is only sound behind a proxy that sets or
    # overwrites it, and the User-Agent exclusion is a convenience, not an
    # access control.
    exemptions = (
        request.is_secure,
        current_app.debug,
        current_app.testing,
        request.headers.get('X-Forwarded-Proto', 'http') == 'https',
    )

    agent = request.headers.get('User-Agent', '').lower()
    if agent.startswith(self.exclude_user_agents):
        return None

    if any(exemptions):
        return None

    if request.url.startswith('http://'):
        target = request.url.replace('http://', 'https://', 1)
        return redirect(target, code=301)
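def include_moment(version='2.3.1'):
    """Return the markup that loads moment.js and renders timestamps.

    Args:
        version: moment.js version to load from cdnjs. ``None`` emits only
            the inline helper script, without a CDN ``<script>`` tag.

    Returns:
        A ``Markup`` object holding the CDN tag (if any) followed by the
        inline rendering helpers.
    """
    # Fix: ``js`` used to be unbound when version was None, so the final
    # interpolation raised NameError. Start from an empty tag instead.
    js = ''
    if version is not None:
        # NOTE(review): the scheme follows the page, so on plain-HTTP pages
        # the third-party script is fetched in cleartext, and the tag has no
        # integrity attribute. ``version`` is interpolated unescaped into
        # markup returned as safe; it should never come from request data.
        protocol = 'https' if request.is_secure else 'http'
        js = ('<script src="%s://cdnjs.cloudflare.com/ajax/libs/moment.js/'
              '%s/moment-with-langs.min.js"></script>\n'
              % (protocol, version))

    # NOTE(review): the helper below passes the element's data-timestamp and
    # data-format attributes to JavaScript eval(). Any template that lets
    # untrusted text reach those attributes yields script execution; flagged
    # here, not changed. The literal is split for readability only.
    helper = (
        '''%s<script> '''
        '''function flask_moment_render(elem) { '''
        '''$(elem).text(eval('moment("' + $(elem).data('timestamp') + '").' + $(elem).data('format') + ';')); '''
        '''$(elem).removeClass('flask-moment'); } '''
        '''function flask_moment_render_all() { '''
        '''$('.flask-moment').each(function() { '''
        '''flask_moment_render(this); '''
        '''if ($(this).data('refresh')) { '''
        '''(function(elem, interval) { setInterval(function() { flask_moment_render(elem) }, interval); })'''
        '''(this, $(this).data('refresh')); } }) } '''
        '''$(document).ready(function() { flask_moment_render_all(); }); '''
        '''</script>'''
    )
    return Markup(helper % js)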
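def index():
    """Render ``otm.jinja`` behind a nonce-based Content-Security-Policy.

    A fresh nonce is generated per response and passed both to the
    template and to the ``style-src`` / ``script-src`` directives. The
    WebSocket endpoint in ``connect-src`` uses ``wss`` on secure requests
    and ``ws`` otherwise.

    Returns:
        The rendered response with CSP and ``X-Frame-Options: DENY`` set.
    """
    # Fix: the nonce came from random.sample(), i.e. the default Mersenne
    # Twister generator, which is predictable. A CSP nonce must be
    # unguessable, so draw it from the OS CSPRNG via random.SystemRandom.
    # string.ascii_lowercase replaces the Python-2-only, locale-dependent
    # string.lowercase.
    alphabet = string.ascii_lowercase + string.digits
    csprng = random.SystemRandom()
    nonce = ''.join(csprng.choice(alphabet) for _ in range(16))

    r = Response(render_template("otm.jinja", nonce=nonce))

    # NOTE(review): request.host comes from the request's Host header and
    # is written into the policy as-is; confirm the deployment restricts
    # which host names it accepts.
    ws_scheme = "wss" if request.is_secure else "ws"
    r.headers['Content-Security-Policy'] = ';'.join((
        "default-src 'none'",
        "style-src 'nonce-%s'" % nonce,
        "script-src 'nonce-%s'" % nonce,
        "connect-src %s://%s/ws" % (ws_scheme, request.host),
    ))
    r.headers['X-Frame-Options'] = 'DENY'
    return r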
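def init_app(self, app):
    """Configure S3/CDN asset delivery on *app* and initialise the base.

    Nothing happens unless ``ASSETS_DELIVERY_METHOD`` is ``S3`` or ``CDN``
    (case-insensitive). For ``CDN``, ``ASSETS_DELIVERY_DOMAIN`` may carry a
    scheme; an ``https`` scheme switches the HTTPS default on and only the
    network location is kept as the CDN domain.

    Args:
        app: application object exposing a dict-like ``config``.
    """
    # NOTE(review): nesting is reconstructed from a flattened listing; the
    # parent init_app call is assumed to sit inside this branch -- confirm.
    delivery_method = app.config.get("ASSETS_DELIVERY_METHOD")
    if delivery_method and delivery_method.upper() in ["S3", "CDN"]:
        # The original left "request.is_secure" commented out here. Assets
        # default to plain HTTP unless the CDN domain names an https scheme
        # or FLASKS3_USE_HTTPS is set explicitly.
        is_secure = False

        if delivery_method.upper() == "CDN":
            domain = app.config.get("ASSETS_DELIVERY_DOMAIN")
            # Fix: an unset ASSETS_DELIVERY_DOMAIN made '"://" in None'
            # raise TypeError; it is now treated as "no CDN domain".
            if domain and "://" in domain:
                domain_parsed = utils.urlparse(domain)
                is_secure = domain_parsed.scheme == "https"
                domain = domain_parsed.netloc
            if domain:
                app.config.setdefault("S3_CDN_DOMAIN", domain)

        app.config["FLASK_ASSETS_USE_S3"] = True
        app.config["FLASKS3_ACTIVE"] = True
        app.config["FLASKS3_URL_STYLE"] = "path"
        app.config.setdefault("FLASKS3_USE_HTTPS", is_secure)
        app.config.setdefault("FLASKS3_ONLY_MODIFIED", True)
        app.config.setdefault("FLASKS3_GZIP", True)
        app.config.setdefault("FLASKS3_BUCKET_NAME",
                              app.config.get("AWS_S3_BUCKET_NAME"))

        # NOTE(review): super(self.__class__, self) recurses forever if this
        # class is ever subclassed; the enclosing class name is not visible
        # here, so the call is left as written.
        super(self.__class__, self).init_app(app)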
def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; its scheme and host follow ``request.is_secure``.
    """
    # NOTE(review): on requests not seen as HTTPS the avatar is linked over
    # plain HTTP.
    base = ('https://secure.gravatar.com/avatar' if request.is_secure
            else 'http://www.gravatar.com/avatar')

    digest = self.avatar_hash
    if not digest:
        # MD5 of the address serves as the avatar identifier. It is not a
        # secret: anyone able to guess the email can confirm it.
        digest = hashlib.md5(self.email.encode('utf-8')).hexdigest()

    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(
        url=base, hash=digest, size=size, default=default, rating=rating)
def include_pagedown(self):
    """Return the ``<script>`` tags that load PageDown 1.0 from cdnjs.

    Returns:
        A ``Markup`` object with the Converter and Sanitizer script tags,
        using ``https`` on secure requests and ``http`` otherwise.
    """
    # NOTE(review): on plain-HTTP pages the scripts are fetched in
    # cleartext, and neither tag carries an integrity attribute.
    scheme = 'https' if request.is_secure else 'http'
    # Split for readability only; the emitted string is unchanged.
    tags = (
        ''' <script type="text/javascript" src="{0}://cdnjs.cloudflare.com/ajax/libs/pagedown/1.0/Markdown.Converter.min.js"></script>'''
        ''' <script type="text/javascript" src="{0}://cdnjs.cloudflare.com/ajax/libs/pagedown/1.0/Markdown.Sanitizer.min.js"></script> '''
    )
    return Markup(tags.format(scheme))
def set_hsts_header(self, response):
    """Attach a Strict-Transport-Security header to secure responses.

    The header is added only when the request counts as secure and
    ``self.skip`` is falsy. A value already on the response is kept.

    Returns:
        The same ``response`` object.
    """
    # NOTE(review): is_secure is False behind a TLS-terminating proxy unless
    # proxy headers are handled; in that setup the header is never sent.
    if not request.is_secure or self.skip:
        return response

    response.headers.setdefault('Strict-Transport-Security',
                                self.hsts_header)
    return response
def include_jquery(version='1.10.1'):
    """Return the ``<script>`` tag that loads jQuery from code.jquery.com.

    Args:
        version: jQuery version placed in the file name.

    Returns:
        A ``Markup`` object; the URL scheme follows ``request.is_secure``.
    """
    # NOTE(review): ``version`` is interpolated unescaped into markup that
    # is returned as safe, so it should never come from request data. On
    # plain-HTTP pages the script is fetched in cleartext, and the tag has
    # no integrity attribute.
    scheme = 'https' if request.is_secure else 'http'
    tag = ('<script src="%s://code.jquery.com/jquery-%s.min.js"></script>'
           % (scheme, version))
    return Markup(tag)
def test_is_testing(self):
    """The test app has TESTING on, SSL_DISABLE off, and a non-HTTPS request."""
    config = current_app.config
    self.assertTrue(config['TESTING'])
    self.assertFalse(config['SSL_DISABLE'])
    # The test request context is expected to be plain HTTP.
    self.assertFalse(request.is_secure)
def test_user_gravatar(self):
    """A user without a cached hash gets the plain-HTTP Gravatar URL."""
    user_role = Role.query.filter_by(name='User').first()
    user = User(
        email=forgery_py.internet.email_address(),
        username=forgery_py.internet.user_name(),
        password='old_password',
        avatar_hash=None,
        role=user_role,
        confirmed=True,
    )
    db.session.add(user)
    db.session.commit()

    pattern = '{url}/{hash}?s={size}&d={default}&r={rating}'
    options = dict(size=150, default='identicon', rating='g')
    digest = hashlib.md5(user.email.encode('utf-8')).hexdigest()

    http_gravatar = user.gravatar(**options)

    expected_http = pattern.format(
        url='http://www.gravatar.com/avatar', hash=digest, **options)
    expected_https = pattern.format(
        url='https://secure.gravatar.com/avatar', hash=digest, **options)
    self.assertEqual(http_gravatar, expected_http)
    self.assertNotEqual(http_gravatar, expected_https)

    # 'PilosusBot.models.request' cannot be patched like this:
    # with patch('PilosusBot.models.request.is_secure',
    #            new_callable=PropertyMock) as mock_sec:
    #     mock_sec.return_value = True
    #     request.is_secure  # returns True now
    #
    # so there's no way to test HTTPS gravatar url other than
    # having fun with HTTP headers probably (?)
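def gravatar(self, size=50, default='idention', rating='g'):
    """Build the avatar URL for this user from a Gravatar mirror.

    Args:
        size: value of the ``s`` query parameter.
        default: accepted for interface compatibility; unused.
        rating: accepted for interface compatibility; unused.

    Returns:
        ``<base>/<md5 of email>?s=<size>``, where the base follows
        ``request.is_secure``.
    """
    # NOTE(review): ``default`` and ``rating`` never reach the URL, and the
    # default value 'idention' looks like a typo for 'identicon'. Both are
    # left alone because they are part of the public signature.
    if request.is_secure:
        # Fix: the base used to end in '/', which produced '//' before the
        # hash once the template's own separator was added.
        url = 'https://cdn.v2ex.com/gravatar'
    else:
        # NOTE(review): requests not seen as HTTPS link the avatar over
        # plain HTTP.
        url = 'http://cn.gravatar.com/avatar'
    digest = hashlib.md5(self.email.encode('utf-8')).hexdigest()
    return '{url}/{hash}?s={size}'.format(url=url, hash=digest, size=size)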
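def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; HTTPS when the request is secure, HTTP otherwise.
    """
    if request.is_secure:
        # Fix: the secure branch pointed at http://secure.gravatar.com, so
        # HTTPS pages embedded the avatar over cleartext (mixed content).
        url = 'https://secure.gravatar.com/avatar'
    else:
        url = 'http://www.gravatar.com/avatar'
    digest = (self.avatar_hash
              or hashlib.md5(self.email.encode('utf-8')).hexdigest())
    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(
        url=url, hash=digest, size=size, default=default, rating=rating)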
def set_hsts_header(self, response):
    """Attach a Strict-Transport-Security header to secure responses.

    A header value already present on the response is left untouched.

    Returns:
        The same ``response`` object.
    """
    # NOTE(review): is_secure is False behind a TLS-terminating proxy unless
    # proxy headers are handled; in that setup the header is never sent.
    if not request.is_secure:
        return response

    response.headers.setdefault('Strict-Transport-Security',
                                self.hsts_header)
    return response
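def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; its scheme and host follow ``request.is_secure``.
    """
    if request.is_secure:
        url = 'https://secure.gravatar.com/avatar'
    else:
        # NOTE(review): requests not seen as HTTPS link the avatar over
        # plain HTTP.
        url = 'http://www.gravatar.com/avatar'
    # Fix: 'hashilb' was a misspelling of hashlib and raised NameError.
    digest = hashlib.md5(self.email.encode('utf-8')).hexdigest()
    # Fix: the listing ended in a bare ``return``, discarding the computed
    # URL and hash and ignoring every parameter. Return the assembled URL.
    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(
        url=url, hash=digest, size=size, default=default, rating=rating)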
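def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; its scheme and host follow ``request.is_secure``.
    """
    if request.is_secure:
        url = 'https://secure.gravatar.com/avatar'
    else:
        # NOTE(review): requests not seen as HTTPS link the avatar over
        # plain HTTP.
        url = 'http://www.gravatar.com/avatar'
    # Prefer the cached hash; otherwise derive it from the email address.
    digest = (self.avatar_hash
              or hashlib.md5(self.email.encode('utf-8')).hexdigest())
    # Fix: the listing ended in a bare ``return``, discarding the computed
    # URL and hash and ignoring every parameter. Return the assembled URL.
    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(
        url=url, hash=digest, size=size, default=default, rating=rating)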
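def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; its scheme and host follow ``request.is_secure``.
    """
    if request.is_secure:
        url = 'https://secure.gravatar.com/avatar'
    else:
        # NOTE(review): requests not seen as HTTPS link the avatar over
        # plain HTTP.
        url = 'http://www.gravatar.com/avatar'
    # Fix: 'hashlib.mad5' does not exist. It raised AttributeError whenever
    # avatar_hash was empty and the fallback had to run.
    digest = self.avatar_hash or hashlib.md5(
        self.email.encode('utf-8')).hexdigest()
    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(
        url=url, hash=digest, size=size, default=default, rating=rating)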
def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the avatar URL for this user on cn.gravatar.com.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL, using ``https`` on secure requests, else ``http``.
    """
    # Same host either way; only the scheme follows the request.
    # NOTE(review): requests not seen as HTTPS link the avatar over plain
    # HTTP.
    base = 'http://cn.gravatar.com/avatar'
    if request.is_secure:
        base = 'https://cn.gravatar.com/avatar'

    digest = self.avatar_hash
    if not digest:
        digest = hashlib.md5(self.email.encode('utf-8')).hexdigest()

    fields = dict(url=base, hash=digest, size=size,
                  default=default, rating=rating)
    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(**fields)
def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; its scheme and host follow ``request.is_secure``.
    """
    # NOTE(review): requests not seen as HTTPS link the avatar over plain
    # HTTP.
    base = 'http://www.gravatar.com/avatar'
    if request.is_secure:
        base = 'https://secure.gravatar.com/avatar'

    # Use the stored hash when present; otherwise hash the email address.
    if self.avatar_hash:
        digest = self.avatar_hash
    else:
        digest = hashlib.md5(self.email.encode('utf-8')).hexdigest()

    template = '{url}/{hash}?s={size}&d={default}&r={rating}'
    return template.format(url=base, hash=digest, size=size,
                           default=default, rating=rating)
def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; its scheme and host follow ``request.is_secure``.
    """
    # NOTE(review): requests not seen as HTTPS link the avatar over plain
    # HTTP.
    secure = request.is_secure
    base = ('https://secure.gravatar.com/avatar' if secure
            else 'http://www.gravatar.com/avatar')

    # The MD5 of the address is an identifier, not a secret.
    digest = (self.avatar_hash
              or hashlib.md5(self.email.encode('utf-8')).hexdigest())

    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(
        url=base,
        hash=digest,
        size=size,
        default=default,
        rating=rating,
    )
def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; its scheme and host follow ``request.is_secure``.
    """
    # NOTE(review): requests not seen as HTTPS link the avatar over plain
    # HTTP.
    if not request.is_secure:
        base = 'http://www.gravatar.com/avatar'
    else:
        base = 'https://secure.gravatar.com/avatar'

    digest = self.avatar_hash
    if not digest:
        encoded_email = self.email.encode('utf-8')
        digest = hashlib.md5(encoded_email).hexdigest()

    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(
        url=base, hash=digest, size=size, default=default, rating=rating)

# many(User) to one(Post)
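def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; HTTPS when the request is secure, HTTP otherwise.
    """
    if request.is_secure:
        # Fix: the secure branch pointed at http://secure.gravatar.com, so
        # HTTPS pages embedded the avatar over cleartext (mixed content).
        url = 'https://secure.gravatar.com/avatar'
    else:
        url = 'http://gravatar.com/avatar'
    digest = (self.avatar_hash
              or hashlib.md5(self.email.encode('utf-8')).hexdigest())
    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(
        url=url, hash=digest, size=size, default=default, rating=rating)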
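def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; its scheme and host follow ``request.is_secure``.
    """
    if request.is_secure:
        url = 'https://secure.gravatar.com/avatar'
    else:
        # NOTE(review): requests not seen as HTTPS link the avatar over
        # plain HTTP.
        url = 'http://www.gravatar.com/avatar'
    digest = (self.avatar_hash
              or hashlib.md5(self.email.encode('utf-8')).hexdigest())
    # Fix: the template read '&r{rating}', dropping the '=' and producing a
    # malformed rating parameter such as '&rg'.
    return '{url}/{hash}?s={size}&d={default}&r={rating}'.format(
        url=url, hash=digest, size=size, default=default, rating=rating)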
def gravatar(self, size=100, default='identicon', rating='g'):
    """Build the Gravatar image URL for this user.

    Args:
        size: value of the ``s`` query parameter.
        default: value of the ``d`` query parameter.
        rating: value of the ``r`` query parameter.

    Returns:
        The avatar URL; its scheme and host follow ``request.is_secure``.
    """
    # NOTE(review): requests not seen as HTTPS link the avatar over plain
    # HTTP.
    endpoint = 'http://www.gravatar.com/avatar'
    if request.is_secure:
        endpoint = 'https://secure.gravatar.com/avatar'

    # The cached hash wins; otherwise compute MD5 over the UTF-8 email.
    email_digest = self.avatar_hash or hashlib.md5(
        self.email.encode('utf-8')).hexdigest()

    url_template = '{url}/{hash}?s={size}&d={default}&r={rating}'
    return url_template.format(url=endpoint, hash=email_digest, size=size,
                               default=default, rating=rating)
def init_app(self, app):
    """Register CSRF protection on *app*.

    Exposes ``generate_csrf`` to templates as ``csrf_token`` and installs a
    ``before_request`` hook that validates the CSRF token on every request
    whose method is not GET, HEAD, OPTIONS or TRACE.

    Args:
        app: the Flask application to protect. ``WTF_CSRF_ENABLED`` and
            ``WTF_CSRF_SSL_STRICT`` are read once, here, both defaulting
            to ``True``.
    """
    app.jinja_env.globals['csrf_token'] = generate_csrf
    strict = app.config.get('WTF_CSRF_SSL_STRICT', True)
    csrf_enabled = app.config.get('WTF_CSRF_ENABLED', True)

    @app.before_request
    def _csrf_protect():
        # many things come from django.middleware.csrf
        if not csrf_enabled or request.method in (
                'GET', 'HEAD', 'OPTIONS', 'TRACE'):
            return

        if self._exempt_views:
            # NOTE(review): while any view is exempt, a request with no
            # endpoint or no registered view function returns here, before
            # the token is checked.
            if not request.endpoint:
                return

            view = app.view_functions.get(request.endpoint)
            if not view:
                return

            dotted_name = '%s.%s' % (view.__module__, view.__name__)
            if dotted_name in self._exempt_views:
                return

        token = None
        if request.method in ('POST', 'PUT', 'PATCH'):
            # Find the ``csrf_token`` field in the submitted form. If the
            # form had a prefix, the name is ``{prefix}-csrf_token``. The
            # match is by suffix, and the last matching field wins.
            for field in request.form:
                if field.endswith('csrf_token'):
                    token = request.form[field]

        # Fall back to the header, trying Django's name, then Rails'.
        # Methods outside POST/PUT/PATCH can only supply it this way.
        token = (token
                 or request.headers.get('X-CSRFToken')
                 or request.headers.get('X-CSRF-Token'))

        if not validate_csrf(token):
            return self._error_response('CSRF token missing or incorrect.')

        # NOTE(review): is_secure is False behind a TLS-terminating proxy
        # unless proxy headers are handled, which silently disables the
        # strict Referer check below.
        if request.is_secure and strict:
            if not request.referrer:
                return self._error_response(
                    'Referrer checking failed - no Referrer.')

            expected_origin = 'https://%s/' % request.host
            if not same_origin(request.referrer, expected_origin):
                return self._error_response(
                    'Referrer checking failed - origin not match.')

        # Flag the request so later code can tell the check has passed.
        request.csrf_valid = True