mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
This commit introduces a middleware function which adds the following security headers to each response: - Content-Security-Policy - This includes a new `nonce`, which is tied to a user via authentication middleware. Both an anonymous user and an authenticated user receive their own random nonces. - X-Content-Type-Options - Referrer-Policy - X-Frame-Options They are then tested for existence in test/test_routes.py. Note: The overcomplicated-looking asyncio behavior in the middleware function is used to avoid a warning about the old coroutine awaits being deprecated. See https://docs.python.org/3/library/asyncio-task.html#asyncio.wait for more detail. Signed-off-by: Kevin Morris <kevr@0cost.org>
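{#
  Package-search typeahead.

  Attaches a suggestion dropdown to #pkgsearch-field. Suggestions come from
  the /rpc endpoint (type "suggest"); choosing one navigates to that
  package's page, and pressing Enter with nothing highlighted submits
  #pkgsearch-form as a normal search.

  NOTE(review): jQuery is loaded from a third-party CDN without Subresource
  Integrity, so the page trusts whatever that host serves. Either self-host
  it next to bootstrap-typeahead.min.js or add integrity= and
  crossorigin="anonymous" with the digest of the reviewed file. The 1.8.x
  release is also very old; plan an upgrade to a maintained jQuery.

  NOTE(review): the two external scripts carry no nonce, so the
  Content-Security-Policy has to allow their origins by source expression.
  TODO confirm against the header the middleware emits.
#}
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
<script src="/static/js/bootstrap-typeahead.min.js"></script>
{#
  NOTE(review): a CSP nonce only helps if it is unpredictable and fresh for
  every response. Confirm request.user.nonce is regenerated per request and
  is not a long-lived per-user or per-session value.
#}
<script nonce="{{ request.user.nonce }}">
$(document).ready(function() {
    var searchField = $('#pkgsearch-field');

    // NOTE(review): suggestion strings are rendered by the bundled typeahead
    // plugin. If its default highlighter inserts items as HTML, names
    // returned by /rpc must be HTML-escaped or a text-escaping highlighter
    // supplied here. Verify against bootstrap-typeahead.min.js.
    searchField.typeahead({
        // Ask the server for suggestions and pass its answer straight through.
        source: function(query, callback) {
            $.getJSON('/rpc', {type: "suggest", arg: query}, function(data) {
                callback(data);
            });
        },
        // Filtering and ordering are done server-side, so accept every item
        // and keep the order received.
        matcher: function(item) { return true; },
        sorter: function(items) { return items; },
        menu: '<ul class="pkgsearch-typeahead"></ul>',
        items: 20,
        // A suggestion was chosen: go to its package page.
        updater: function(item) {
            // Encode the server-supplied name so it stays one path segment
            // and cannot add "../", "?" or "#" parts to the URL.
            document.location = '/packages/' + encodeURIComponent(item);
            return item;
        }
    }).attr('autocomplete', 'off'); // suppress the browser's own dropdown

    searchField.keydown(function(e) {
        // Enter (key code 13) with no highlighted suggestion submits the
        // search form; with a highlighted one the plugin's updater runs.
        if (e.keyCode === 13) {
            var selectedItem = $('ul.pkgsearch-typeahead li.active');
            if (selectedItem.length === 0) {
                $('#pkgsearch-form').submit();
            }
        }
    });
});
</script>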