lucaspalomodevelop/eventcally
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/eventcally.git synced 2026-03-13 00:07:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
eventcally/project/requests.py
Daniel Grams bcaeefc12e User.tos_accepted_at #473
2023-05-11 13:57:06 +02:00

56 lines
1.8 KiB
Python
Raw Blame History

from datetime import datetime, timedelta
from flask import g, redirect, request, url_for
from flask_login.utils import encode_cookie
from flask_security import current_user
from project import app
@app.after_request
def check_tos_accepted(response):
if (
response.status_code == 200
and request.endpoint
and not request.endpoint.startswith("api_")
and not request.endpoint.startswith("widget_")
and request.endpoint not in ["static", "user_accept_tos"]
and current_user
and current_user.is_authenticated
and not current_user.tos_accepted_at
):
return redirect(url_for("user_accept_tos", next=request.url))
return response
@app.after_request
def set_manage_admin_unit_cookie(response):
admin_unit = getattr(g, "manage_admin_unit", None)
if admin_unit:
encoded = encode_cookie(str(admin_unit.id))
response.set_cookie(
"manage_admin_unit_id",
value=encoded,
expires=datetime.utcnow() + timedelta(days=365),
secure=app.config["SESSION_COOKIE_SECURE"],
samesite=app.config["SESSION_COOKIE_SAMESITE"],
)
return response
@app.after_request
def set_response_headers(response):
if request and request.endpoint:
if request.endpoint != "static" and request.endpoint != "widget_event_dates":
response.headers["X-Frame-Options"] = "SAMEORIGIN"
response.headers["X-Content-Type-Options"] = "nosniff"
response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
response.headers[
"Content-Security-Policy"
] = "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' blob: data: *.openstreetmap.org; connect-src 'self' blob: data:;"
return response
Reference in New Issue View Git Blame Copy Permalink