Project
Function
Sample CLI
gway web.app security-middleware
References
['version']
Full Code
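def security_middleware(app):
    """Wrap a WSGI *app* so responses carry hardened headers and cookie defaults.

    For every response the wrapper:

    * drops any ``Server`` header set by the wrapped app and appends
      ``Server: GWAY v<version>``;
    * appends ``Cache-Control: no-cache`` and
      ``X-Content-Type-Options: nosniff``.

    It also patches ``response.set_cookie`` so that cookies default to
    ``HttpOnly``, ``SameSite=Lax``, ``Path=/`` and, when the request scheme
    is ``https``, ``Secure``. Callers can still override each attribute by
    passing it explicitly, because only ``setdefault`` is used.

    Args:
        app: The WSGI callable to wrap.

    Returns:
        A WSGI callable with the same ``(environ, start_response)`` interface.
    """
    global _version
    # Resolve the version once and cache it in the module global.
    _version = _version or gw.version()

    def wrapped_app(environ, start_response):
        def custom_start_response(status, headers, exc_info=None):
            # Remove the app's own Server header so only one is emitted.
            headers = [(k, v) for k, v in headers if k.lower() != "server"]
            # These are appended, not replaced: a Cache-Control header set by
            # the app is kept alongside "no-cache". "no-cache" forces
            # revalidation but still allows storage; handlers returning
            # sensitive data should set "no-store" themselves.
            # NOTE(review): the Server value discloses the exact GWAY version
            # to every client; confirm that is intended for public deployments.
            headers += [
                ("Cache-Control", "no-cache"),
                ("X-Content-Type-Options", "nosniff"),
                ("Server", f"GWAY v{_version}"),
            ]
            return start_response(status, headers, exc_info)

        current_set_cookie = response.set_cookie
        # ``response`` is not local to this request, so the patched attribute
        # survives between calls. Without this guard every request would wrap
        # the previous wrapper again, and the call chain behind set_cookie
        # would grow by one frame per request until it hits the recursion
        # limit.
        if not getattr(current_set_cookie, "_gway_secure_defaults", False):

            @wraps(current_set_cookie)
            def secure_set_cookie(name, value, **kwargs):
                # NOTE(review): Secure is derived from the scheme the request
                # object reports. If TLS is terminated upstream and the scheme
                # seen here is "http", cookies are issued without Secure;
                # confirm how ``request.urlparts`` derives the scheme in the
                # deployment.
                is_secure = request.urlparts.scheme == "https"
                kwargs.setdefault("secure", is_secure)
                kwargs.setdefault("httponly", True)
                kwargs.setdefault("samesite", "Lax")
                kwargs.setdefault("path", "/")
                return current_set_cookie(name, value, **kwargs)

            # Marker checked above so the patch is applied only once.
            secure_set_cookie._gway_secure_defaults = True
            response.set_cookie = secure_set_cookie

        return app(environ, custom_start_response)

    return wrapped_app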