apifrom.security.permissions_policy
===================================


Permissions Policy implementation for APIFromAnything.

This module provides utilities for implementing Permissions Policy (formerly Feature Policy),
which allows developers to selectively enable, disable, or modify the behavior of certain
browser features and APIs.



.. py:currentmodule:: apifrom.security.permissions_policy

Overview
--------

**Classes**

* :py:class:`BaseMiddleware`
* :py:class:`PermissionsAllowlist`
* :py:class:`PermissionsDirective`
* :py:class:`PermissionsPolicy`
* :py:class:`PermissionsPolicyBuilder`
* :py:class:`PermissionsPolicyMiddleware`
* :py:class:`Request`
* :py:class:`Response`






Classes
-------

.. py:class:: BaseMiddleware(**options):bases: abc.ABC


Base middleware class for APIFromAnything.

   This abstract class defines the interface for middleware components.
   Middleware components can process requests and responses.

   .. attribute:: options

      Options for the middleware.

      :type: dict

   Initialize a new BaseMiddleware instance.

   :param \*\*options: Options for the middleware.














.. py:class:: PermissionsAllowlist

Allowlist values for Permissions Policy directives.


.. :: ANY




.. :: NONE




.. :: SELF




.. :: SRC






.. py:class:: PermissionsDirective

Permissions Policy directive constants.


.. :: ACCELEROMETER




.. :: ALL




.. :: AMBIENT_LIGHT_SENSOR




.. :: AUTOPLAY




.. :: CAMERA




.. :: CLIPBOARD_READ




.. :: CLIPBOARD_WRITE




.. :: CROSS_ORIGIN_ISOLATED




.. :: DISPLAY_CAPTURE




.. :: DOCUMENT_DOMAIN




.. :: ENCRYPTED_MEDIA




.. :: EXECUTION_WHILE_NOT_RENDERED




.. :: EXECUTION_WHILE_OUT_OF_VIEWPORT




.. :: FOCUS_WITHOUT_USER_ACTIVATION




.. :: FORMS




.. :: FULLSCREEN




.. :: GEOLOCATION




.. :: GYROSCOPE




.. :: HOVERED_OVER_BROWSING_CONTEXT




.. :: IDLE_DETECTION




.. :: MAGNETOMETER




.. :: MICROPHONE




.. :: MIDI




.. :: NAVIGATION_OVERRIDE




.. :: PAYMENT




.. :: PICTURE_IN_PICTURE




.. :: POPUP




.. :: SCREEN_WAKE_LOCK




.. :: SPEAKER_SELECTION




.. :: SYNC_XHR




.. :: USB




.. :: VERTICAL_SCROLL




.. :: WEB_SHARE




.. :: XR_SPATIAL_TRACKING






.. py:class:: PermissionsPolicy

Policy for configuring Permissions Policy.

   This class represents a Permissions Policy that can be used to control
   which browser features and APIs are available to a document and its
   embedded frames.

   Initialize the Permissions Policy.


.. :: directives
   :annotation: Dict[str, Set[str]]







.. method:: _add_allowlist_value(directive, value)

   Add an allowlist value to a directive.

      :param directive: The directive name
      :param value: The allowlist value



.. method:: add_directive(directive, allowlist)

   Add a directive to the policy.

      :param directive: The directive name
      :param allowlist: The allowlist value(s)

      :returns: The policy instance for chaining



.. method:: disable_all()

   Disable all features for all origins.

      :returns: The policy instance for chaining



.. method:: enable_for_self(directives)

   Enable specified features for the same origin.

      :param directives: The directives to enable

      :returns: The policy instance for chaining



.. method:: to_header()

   Convert the policy to a header value.

      :returns: The Permissions-Policy header value



.. method:: to_header_value()

   Convert the policy to a header value.

      This is an alias for to_header() for backward compatibility.

      :returns: The Permissions-Policy header value




.. py:class:: PermissionsPolicyBuilder

Helper class for building Permissions Policy.



.. method:: create_api_policy()
      :staticmethod:

   Create a Permissions Policy suitable for APIs.

      :returns: A Permissions Policy for APIs



.. method:: create_minimal_policy()
      :staticmethod:

   Create a minimal Permissions Policy that disables sensitive features.

      :returns: A minimal Permissions Policy



.. method:: create_strict_policy()
      :staticmethod:

   Create a strict Permissions Policy that disables all features.

      :returns: A strict Permissions Policy



.. method:: create_web_policy()
      :staticmethod:

   Create a Permissions Policy suitable for web applications.

      :returns: A Permissions Policy for web applications




.. py:class:: PermissionsPolicyMiddleware(policy = None, exempt_paths = None):bases: apifrom.middleware.base.BaseMiddleware


Middleware for adding Permissions Policy headers to responses.

   This middleware adds the Permissions-Policy header to responses
   to control which browser features and APIs are available to a document
   and its embedded frames.

   Initialize the Permissions Policy middleware.

   :param policy: The Permissions Policy to apply
   :param exempt_paths: Paths exempt from Permissions Policy




.. :: exempt_paths






.. :: policy







.. method:: _create_default_policy()

   Create a default Permissions Policy.

      :returns: A default Permissions Policy



.. method:: _is_exempt(request)

   Check if a request is exempt from Permissions Policy.

      :param request: The request to check

      :returns: True if the request is exempt, False otherwise



.. method:: process_request(request)
      :async:

   Process a request through the Permissions Policy middleware.

      :param request: The request to process

      :returns: The processed request



.. method:: process_response(response)
      :async:

   Process a response through the Permissions Policy middleware.

      :param response: The response to process

      :returns: The processed response




.. py:class:: Request(request = None, path_params = None, method = None, path = None, query_params = None, headers = None, body = None, client_ip = None)

Request class for APIFromAnything.

   This class wraps a Starlette request and provides methods for accessing
   request data in a convenient way.

   .. attribute:: _request

      The underlying Starlette request.

   .. attribute:: path_params

      Path parameters extracted from the URL.

   .. attribute:: query_params

      Query parameters extracted from the URL.

   .. attribute:: headers

      HTTP headers.

   .. attribute:: method

      HTTP method.

   .. attribute:: path

      Request path.

   .. attribute:: _body

      Cached request body.

   Initialize a new Request instance.

   :param request: The underlying Starlette request.
   :param path_params: Path parameters extracted from the URL.
   :param method: The HTTP method.
   :param path: The request path.
   :param query_params: Query parameters.
   :param headers: HTTP headers.
   :param body: Request body.
   :param client_ip: Client IP address.


















.. py:class:: Response(content = None, status_code = 200, headers = None, content_type = 'application/json')

Response class for APIFromAnything.

   This class represents an HTTP response and provides methods for setting
   response data, status code, and headers.

   .. attribute:: content

      The response content.

   .. attribute:: status_code

      The HTTP status code.

   .. attribute:: headers

      HTTP headers.

   .. attribute:: content_type

      The content type of the response.

   Initialize a new Response instance.

   :param content: The response content.
   :param status_code: The HTTP status code.
   :param headers: HTTP headers.
   :param content_type: The content type of the response.