mirror of https://github.com/home-assistant/core
41 lines
1.2 KiB
Python
41 lines
1.2 KiB
Python
"""Middleware that helps with the control of headers in our responses."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from collections.abc import Awaitable, Callable
|
|
|
|
from aiohttp.web import Application, Request, StreamResponse, middleware
|
|
from aiohttp.web_exceptions import HTTPException
|
|
|
|
from homeassistant.core import callback
|
|
|
|
|
|
@callback
|
|
def setup_headers(app: Application, use_x_frame_options: bool) -> None:
|
|
"""Create headers middleware for the app."""
|
|
|
|
added_headers = {
|
|
"Referrer-Policy": "no-referrer",
|
|
"X-Content-Type-Options": "nosniff",
|
|
"Server": "", # Empty server header, to prevent aiohttp of setting one.
|
|
}
|
|
|
|
if use_x_frame_options:
|
|
added_headers["X-Frame-Options"] = "SAMEORIGIN"
|
|
|
|
@middleware
|
|
async def headers_middleware(
|
|
request: Request, handler: Callable[[Request], Awaitable[StreamResponse]]
|
|
) -> StreamResponse:
|
|
"""Process request and add headers to the responses."""
|
|
try:
|
|
response = await handler(request)
|
|
except HTTPException as err:
|
|
err.headers.update(added_headers)
|
|
raise
|
|
|
|
response.headers.update(added_headers)
|
|
return response
|
|
|
|
app.middlewares.append(headers_middleware)
|