CSP¶

CSP (Content Security Policy) middleware signals to a browser to only execute scripts which have come from the same domain. This provides some defence against cross site scripting.

Usage¶

from piccolo_api.csp.middleware import CSPMiddleware

app = CSPMiddleware(my_asgi_app)

Source¶

CSPConfig¶

class piccolo_api.csp.middleware.CSPConfig(report_uri: 't.Optional[bytes]' = None, default_src: 'str' = 'self')[source]¶

CSPMiddleware¶

class piccolo_api.csp.middleware.CSPMiddleware(app: ASGIApp, config: CSPConfig = CSPConfig())[source]¶: Adds Content Security Policy headers to the response.