MCPcopy
hub / github.com/django/django / process_response

Method process_response

django/middleware/csp.py:14–33  ·  view source on GitHub ↗
(self, request, response)

Source from the content-addressed store, hash-verified

12 request._csp_nonce = LazyNonce()
13
14 def process_response(self, request, response):
15 nonce = get_nonce(request)
16
17 sentinel = object()
18 if (csp_config := getattr(response, "_csp_config", sentinel)) is sentinel:
19 csp_config = settings.SECURE_CSP
20 if (csp_ro_config := getattr(response, "_csp_ro_config", sentinel)) is sentinel:
21 csp_ro_config = settings.SECURE_CSP_REPORT_ONLY
22
23 for header, config in [
24 (CSP.HEADER_ENFORCE, csp_config),
25 (CSP.HEADER_REPORT_ONLY, csp_ro_config),
26 ]:
27 # If headers are already set on the response, don't overwrite them.
28 # This allows for views to set their own CSP headers as needed.
29 # An empty config means CSP headers are not added to the response.
30 if config and header not in response:
31 response.headers[str(header)] = build_policy(config, nonce)
32
33 return response

Callers

nothing calls this directly

Calls 2

build_policyFunction · 0.90
get_nonceFunction · 0.85

Tested by

no test coverage detected