from ipsilon.providers.common import ProviderPageBase
from ipsilon.util.user import UserSession
+from ipsilon.util.endpoint import allow_iframe
import base64
import cherrypy
return True
return False
+ @allow_iframe
def POST(self, *args, **kwargs):
if 'email' not in kwargs or 'publicKey' not in kwargs \
or 'certDuration' not in kwargs or '@' not in kwargs['email']:
class SignInResult(AuthenticateRequest):
+ @allow_iframe
def GET(self, *args, **kwargs):
user = UserSession().get_user()
self.result = SignInResult(*args, **kwargs)
self.trans = None
+ @allow_iframe
def GET(self, *args, **kwargs):
username = None
domain = None
self.SignIn = SignIn(*args, **kwargs)
self.trans = None
+ @allow_iframe
def GET(self, *args, **kwargs):
user = UserSession().get_user()
return self._template('persona/provisioning.html',
from ipsilon.util.log import Log
from ipsilon.util.user import UserSession
from urllib import unquote
+from functools import wraps
try:
from urlparse import urlparse
except ImportError:
from urllib.parse import urlparse
+def allow_iframe(func):
+ """
+ Remove the X-Frame-Options and CSP frame-options deny headers.
+ """
+ @wraps(func)
+ def wrapper(*args, **kwargs):
+ result = func(*args, **kwargs)
+ for (header, value) in [
+ ('X-Frame-Options', 'deny'),
+ ('Content-Security-Policy', 'frame-options \'deny\'')]:
+ if cherrypy.response.headers.get(header, None) == value:
+ cherrypy.response.headers.pop(header, None)
+ return result
+
+ return wrapper
+
+
class Endpoint(Log):
def __init__(self, site):
self._site = site
self.default_headers = {
'Cache-Control': 'no-cache, no-store, must-revalidate, private',
'Pragma': 'no-cache',
+ 'Content-Security-Policy': 'frame-options \'deny\'',
+ 'X-Frame-Options': 'deny',
}
self.auth_protect = False