From 3b3731d873664db00c02603363f61d34c41a3990 Mon Sep 17 00:00:00 2001
From: Kali Kaneko
Date: Mon, 25 Apr 2016 22:13:19 -0400
Subject: embed pixelated
---
 src/pixelated/config/site.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 src/pixelated/config/site.py
(limited to 'src/pixelated/config/site.py')
diff --git a/src/pixelated/config/site.py b/src/pixelated/config/site.py
new file mode 100644
index 00000000..1fb884b0
--- /dev/null
+++ b/src/pixelated/config/site.py
@@ -0,0 +1,32 @@
+from twisted.web.server import Site, Request
+
+
+class AddSecurityHeadersRequest(Request):
+    CSP_HEADER_VALUES = "default-src 'self'; style-src 'self' 'unsafe-inline'"
+
+    def process(self):
+        self.setHeader('Content-Security-Policy', self.CSP_HEADER_VALUES)
+        self.setHeader('X-Content-Security-Policy', self.CSP_HEADER_VALUES)
+        self.setHeader('X-Webkit-CSP', self.CSP_HEADER_VALUES)
+        self.setHeader('X-Frame-Options', 'SAMEORIGIN')
+        self.setHeader('X-XSS-Protection', '1; mode=block')
+        self.setHeader('X-Content-Type-Options', 'nosniff')
+
+        if self.isSecure():
+            self.setHeader('Strict-Transport-Security',
+                           'max-age=31536000; includeSubDomains')
+
+        Request.process(self)
+
+
+class PixelatedSite(Site):
+
+    requestFactory = AddSecurityHeadersRequest
+
+    @classmethod
+    def enable_csp_requests(cls):
+        cls.requestFactory = AddSecurityHeadersRequest
+
+    @classmethod
+    def disable_csp_requests(cls):
+        cls.requestFactory = Site.requestFactory
-- cgit v1.2.3
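Review bot: `Strict-Transport-Security` is only emitted when `self.isSecure()` is true, and in Twisted that is derived from the request's own transport rather than any forwarded-proto header, so if this site is ever fronted by a TLS-terminating reverse proxy the HSTS header will presumably never be sent; consider honouring `X-Forwarded-Proto` or making HSTS emission an explicit configuration flag, and at minimum add `# isSecure() only sees the local transport; behind a TLS-terminating proxy this is always False` above the check. The policy in `CSP_HEADER_VALUES` relies on `default-src 'self'`, but `frame-ancestors`, `base-uri` and `form-action` do not inherit from `default-src`, so in CSP-capable browsers the framing restriction rests solely on the separate `X-Frame-Options` header; extending the constant to `"default-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; base-uri 'self'"` would express the same intent inside the CSP itself. `enable_csp_requests` and `disable_csp_requests` rebind the class attribute `PixelatedSite.requestFactory`, so a single call switches every existing and future site instance in the process, and despite the name `disable_csp_requests` drops all of the headers (HSTS, nosniff, frame options), not only CSP; a docstring on each such as `"""Process-wide switch: replaces the request factory for ALL PixelatedSite instances; drops every security header, not just CSP. Intended for tests."""` would keep a test helper from being mistaken for a per-site option.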