(self, request, response)
| 31 | ) |
| 32 | |
def process_response(self, request, response):
    """Attach the configured security headers to ``response`` and return it.

    Each header is controlled by an attribute on ``self`` and is skipped when
    that attribute is falsy. A header already present on the response is never
    overwritten, so a view can set its own value.
    """
    # HSTS is only sent on requests that report as secure; browsers ignore the
    # header when it arrives over plain HTTP (RFC 6797).
    # NOTE(review): when TLS is terminated by a proxy, is_secure() has to
    # reflect the client-facing scheme or this branch never runs -- confirm
    # the deployment's proxy settings.
    hsts_wanted = (
        self.sts_seconds
        and request.is_secure()
        and "Strict-Transport-Security" not in response
    )
    if hsts_wanted:
        directives = ["max-age=%s" % self.sts_seconds]
        if self.sts_include_subdomains:
            directives.append("includeSubDomains")
        if self.sts_preload:
            # Preload-list inclusion is slow to reverse once browsers ship it.
            directives.append("preload")
        response.headers["Strict-Transport-Security"] = "; ".join(directives)

    if self.content_type_nosniff:
        response.headers.setdefault("X-Content-Type-Options", "nosniff")

    policy = self.referrer_policy
    if policy:
        # A comma-separated string or an iterable of values is accepted so
        # that fallback policies can be listed; string parts are trimmed.
        values = (
            [part.strip() for part in policy.split(",")]
            if isinstance(policy, str)
            else policy
        )
        response.headers.setdefault("Referrer-Policy", ",".join(values))

    opener_policy = self.cross_origin_opener_policy
    if opener_policy:
        # Written through response.setdefault, unlike the headers above,
        # which go through response.headers.
        response.setdefault("Cross-Origin-Opener-Policy", opener_policy)

    return response