bundle.website.core.security

Security policies and middleware for website HTTP responses.

Attributes

DEFAULT_CSP
EXCALIDRAW_CSP

Classes

SecurityHeadersMiddleware

Apply per-route CSP to keep pages isolated and avoid script leakage.

Module Contents

bundle.website.core.security.DEFAULT_CSP = ''

bundle.website.core.security.EXCALIDRAW_CSP = ''

class bundle.website.core.security.SecurityHeadersMiddleware

Bases: starlette.middleware.base.BaseHTTPMiddleware

Apply per-route CSP to keep pages isolated and avoid script leakage.

async dispatch(request, call_next)

Attach CSP and baseline security headers to each response.