Functions
check_sse_speculation
1
list[ContractIssue]
▼
Warn when SSE/streaming routes lack ``referenced=True``.
SSE endpoints include…
check_sse_speculation
1
list[ContractIssue]
▼
def check_sse_speculation(router: Router) -> list[ContractIssue]
Warn when SSE/streaming routes lackreferenced=True.
SSE endpoints included in browser speculation rules cause silent
prefetch connections that hang. Routes whose handler source contains
EventStream or reactive_stream should set referenced=True
to be excluded from speculation.
Parameters
| Name | Type | Description |
|---|---|---|
router |
Router |
Returns
list[ContractIssue]
check_csrf_session_order
1
list[ContractIssue]
▼
Error when CSRFMiddleware is registered without SessionMiddleware.
CSRF tokens…
check_csrf_session_order
1
list[ContractIssue]
▼
def check_csrf_session_order(middleware_list: list[Any]) -> list[ContractIssue]
Error when CSRFMiddleware is registered without SessionMiddleware.
CSRF tokens are stored in the session. If SessionMiddleware is missing or ordered after CSRFMiddleware, CSRF validation will fail at request time with a confusing error.
Parameters
| Name | Type | Description |
|---|---|---|
middleware_list |
list[Any] |
Returns
list[ContractIssue]
check_middleware_signatures
1
list[ContractIssue]
▼
Warn when middleware has a ``__call__`` signature that won't work.
Chirp middl…
check_middleware_signatures
1
list[ContractIssue]
▼
def check_middleware_signatures(middleware_list: list[Any]) -> list[ContractIssue]
Warn when middleware has a__call__signature that won't work.
Chirp middleware must be async callables accepting(request, next)
and returning a response. Wrong signatures crash at request time with
confusing tracebacks.
Parameters
| Name | Type | Description |
|---|---|---|
middleware_list |
list[Any] |
Returns
list[ContractIssue]
check_secret_key
1
list[ContractIssue]
▼
Error when secret_key is empty in non-development environments.
Sessions and C…
check_secret_key
1
list[ContractIssue]
▼
def check_secret_key(config: Any) -> list[ContractIssue]
Error when secret_key is empty in non-development environments.
Sessions and CSRF tokens are signed with the secret key. An empty key provides no security — anyone can forge tokens.
Parameters
| Name | Type | Description |
|---|---|---|
config |
Any |
Returns
list[ContractIssue]
check_allowed_hosts
1
list[ContractIssue]
▼
Warn/error when host validation is permissive outside development.
check_allowed_hosts
1
list[ContractIssue]
▼
def check_allowed_hosts(config: Any) -> list[ContractIssue]
Parameters
| Name | Type | Description |
|---|---|---|
config |
Any |
Returns
list[ContractIssue]