Classes
CSPNonceMiddleware
3
▼
Generate a per-request nonce and inject it into the CSP header.
Usage::
app.add_middleware(CS…
CSPNonceMiddleware
3
▼
Generate a per-request nonce and inject it into the CSP header.
Usage::
app.add_middleware(CSPNonceMiddleware())
Then in templates::
<script nonce="{{ csp_nonce() }}">...</script>
Methods
template_globals
0
dict
▼
Expose csp_nonce() as a template global.
property
template_globals
0
dict
▼
def template_globals(self) -> dict
Returns
dict
Internal Methods 2 ▼
__init__
2
▼
__init__
2
▼
def __init__(self, base_csp: str | None = None, *, unsafe_eval: bool = False) -> None
Parameters
| Name | Type | Description |
|---|---|---|
base_csp |
— |
Default:None
|
unsafe_eval |
— |
Default:False
|
__call__
2
AnyResponse
▼
async
__call__
2
AnyResponse
▼
async def __call__(self, request: Request, next: Next) -> AnyResponse
Parameters
| Name | Type | Description |
|---|---|---|
request |
— |
|
next |
— |
Returns
AnyResponse
Functions
get_csp_nonce
0
str
▼
Return the CSP nonce for the current request.
Raises ``LookupError`` if called…
get_csp_nonce
0
str
▼
def get_csp_nonce() -> str
Return the CSP nonce for the current request.
RaisesLookupErrorif called outside a request with CSP nonces enabled.
Returns
str
csp_nonce
0
str
▼
Template global: ``{{ csp_nonce() }}`` for ````.
Returns empty string if nonce…
csp_nonce
0
str
▼
def csp_nonce() -> str
Template global:{{ csp_nonce() }} for <script nonce="...">.
Returns empty string if nonces are not enabled (never breaks templates).
Returns
str