o 3a @s@ddlZddlmZddlmZddlmZGdddeZdS)N)settings)HttpResponsePermanentRedirect)MiddlewareMixincs.eZdZdfdd ZddZddZZS) SecurityMiddlewareNcsbt|tj|_tj|_tj|_tj |_ tj |_ tj |_tj|_ddtjD|_tj|_dS)NcSsg|]}t|qS)recompile).0rrrsz/SecurityMiddleware.__init__..)super__init__rSECURE_HSTS_SECONDS sts_secondsSECURE_HSTS_INCLUDE_SUBDOMAINSsts_include_subdomainsSECURE_HSTS_PRELOAD sts_preloadSECURE_CONTENT_TYPE_NOSNIFFcontent_type_nosniffSECURE_BROWSER_XSS_FILTER xss_filterSECURE_SSL_REDIRECTredirectSECURE_SSL_HOST redirect_hostSECURE_REDIRECT_EXEMPTredirect_exemptSECURE_REFERRER_POLICYreferrer_policy)self get_response __class__rr r s  zSecurityMiddleware.__init__cs`|jd|jr*|s,tfdd|jDs.|jp|}td|| fSdSdSdS)N/c3s|]}|VqdSN)search)r patternpathrr sz5SecurityMiddleware.process_request..z https://%s%s) r*lstripr is_secureanyrrget_hostr get_full_path)r!requesthostrr)r process_requests   z"SecurityMiddleware.process_requestc Cs|jr#|r#d|vr#d|j}|jr|d}|jr|d}||jd<|jr-|jdd|jr7|jdd|jrV|jd d t |jt rQd d |j d Dn|j|S) NzStrict-Transport-Securityz max-age=%sz; includeSubDomainsz ; preloadzX-Content-Type-OptionsnosniffzX-XSS-Protectionz 1; mode=blockzReferrer-Policy,cSsg|]}|qSr)strip)r vrrr r 5sz7SecurityMiddleware.process_response..) rr-rrheadersr setdefaultrr join isinstancestrsplit)r!r1response sts_headerrrr process_response!s&    z#SecurityMiddleware.process_responser&)__name__ __module__ __qualname__rr3r@ __classcell__rrr#r rs  r)r django.confr django.httprdjango.utils.deprecationrrrrrr s