apifrom.security.permissions_policyο
Permissions Policy implementation for APIFromAnything.
This module provides utilities for implementing Permissions Policy (formerly Feature Policy), which allows developers to selectively enable, disable, or modify the behavior of certain browser features and APIs.
Overviewο
Classes
BaseMiddlewarePermissionsPolicyMiddleware
Classesο
- BaseMiddleware(**options):bases: abc.ABC
Base middleware class for APIFromAnything.
Allowlist values for Permissions Policy directives.
Permissions Policy directive constants.
Policy for configuring Permissions Policy.
This class represents a Permissions Policy that can be used to control which browser features and APIs are available to a document and its embedded frames.
Initialize the Permissions Policy.
- apifrom.security.permissions_policy._add_allowlist_value(directive, value)ο
Add an allowlist value to a directive.
- param directive:
The directive name
- param value:
The allowlist value
- apifrom.security.permissions_policy.add_directive(directive, allowlist)ο
Add a directive to the policy.
- param directive:
The directive name
- param allowlist:
The allowlist value(s)
- returns:
The policy instance for chaining
- apifrom.security.permissions_policy.disable_all()ο
Disable all features for all origins.
- returns:
The policy instance for chaining
- apifrom.security.permissions_policy.enable_for_self(directives)ο
Enable specified features for the same origin.
- param directives:
The directives to enable
- returns:
The policy instance for chaining
- apifrom.security.permissions_policy.to_header()ο
Convert the policy to a header value.
- returns:
The Permissions-Policy header value
- apifrom.security.permissions_policy.to_header_value()ο
Convert the policy to a header value.
This is an alias for to_header() for backward compatibility.
- returns:
The Permissions-Policy header value
Helper class for building Permissions Policy.
- apifrom.security.permissions_policy.create_api_policy()ο
- :staticmethod:
Create a Permissions Policy suitable for APIs.
- returns:
A Permissions Policy for APIs
- apifrom.security.permissions_policy.create_minimal_policy()ο
- :staticmethod:
Create a minimal Permissions Policy that disables sensitive features.
- returns:
A minimal Permissions Policy
- apifrom.security.permissions_policy.create_strict_policy()ο
- :staticmethod:
Create a strict Permissions Policy that disables all features.
- returns:
A strict Permissions Policy
- apifrom.security.permissions_policy.create_web_policy()ο
- :staticmethod:
Create a Permissions Policy suitable for web applications.
- returns:
A Permissions Policy for web applications
- PermissionsPolicyMiddleware(policy = None, exempt_paths = None):bases: apifrom.middleware.base.BaseMiddleware
Middleware for adding Permissions Policy headers to responses.
This middleware adds the Permissions-Policy header to responses to control which browser features and APIs are available to a document and its embedded frames.
Initialize the Permissions Policy middleware.
- param policy:
The Permissions Policy to apply
- param exempt_paths:
Paths exempt from Permissions Policy
- apifrom.security.permissions_policy._create_default_policy()ο
Create a default Permissions Policy.
- returns:
A default Permissions Policy
- apifrom.security.permissions_policy._is_exempt(request)ο
Check if a request is exempt from Permissions Policy.
- param request:
The request to check
- returns:
True if the request is exempt, False otherwise
- apifrom.security.permissions_policy.process_request(request)ο
- :async:
Process a request through the Permissions Policy middleware.
- param request:
The request to process
- returns:
The processed request
- apifrom.security.permissions_policy.process_response(response)ο
- :async:
Process a response through the Permissions Policy middleware.
- param response:
The response to process
- returns:
The processed response
- class apifrom.security.permissions_policy.Request(request=None, path_params=None, method=None, path=None, query_params=None, headers=None, body=None, client_ip=None)[source]ο
Request class for APIFromAnything.
This class wraps a Starlette request and provides methods for accessing request data in a convenient way.
- apifrom.security.permissions_policy._requestο
The underlying Starlette request.
- apifrom.security.permissions_policy.path_paramsο
Path parameters extracted from the URL.
- apifrom.security.permissions_policy.query_paramsο
Query parameters extracted from the URL.
- apifrom.security.permissions_policy.headersο
HTTP headers.
- apifrom.security.permissions_policy.methodο
HTTP method.
- apifrom.security.permissions_policy.pathο
Request path.
- apifrom.security.permissions_policy._bodyο
Cached request body.
Initialize a new Request instance.
- param request:
The underlying Starlette request.
- param path_params:
Path parameters extracted from the URL.
- param method:
The HTTP method.
- param path:
The request path.
- param query_params:
Query parameters.
- param headers:
HTTP headers.
- param body:
Request body.
- param client_ip:
Client IP address.
- class apifrom.security.permissions_policy.Response(content=None, status_code=200, headers=None, content_type='application/json')[source]ο
Response class for APIFromAnything.
This class represents an HTTP response and provides methods for setting response data, status code, and headers.
- apifrom.security.permissions_policy.contentο
The response content.
- apifrom.security.permissions_policy.status_codeο
The HTTP status code.
- apifrom.security.permissions_policy.headersο
HTTP headers.
- apifrom.security.permissions_policy.content_typeο
The content type of the response.
Initialize a new Response instance.
- param content:
The response content.
- param status_code:
The HTTP status code.
- param headers:
HTTP headers.
- param content_type:
The content type of the response.