`duck.http.middlewares.security.header`¶

Module for header middlewares.

Module Contents¶

Classes¶

`HeaderInjectionMiddleware`	HeaderInjectionMiddleware class mitigating against various header injection attacks like `Potential Session Fixation` (Multiple Cookies), `XSS` (Script Tag Detected), `Potential Open Redirect` (External URL), `Potential Cache Poisoning` (Anti-Caching Headers).
`HostMiddleware`	Host Middleware class mitigating against requests from unknown sources and other host header issues.

API¶

class duck.http.middlewares.security.header.HeaderInjectionMiddleware[source]¶

Bases: duck.http.middlewares.BaseMiddleware

HeaderInjectionMiddleware class mitigating against various header injection attacks like Potential Session Fixation (Multiple Cookies), XSS (Script Tag Detected), Potential Open Redirect (External URL), Potential Cache Poisoning (Anti-Caching Headers).

debug_message: str¶: ‘Header Injection Middleware: Potential header injection’

classmethod get_error_response(request) → duck.http.response.HttpBadRequestResponse[source]¶: Return necessary error response.

classmethod process_request(request)[source]¶: Process an incoming request for potential header injection.

class duck.http.middlewares.security.header.HostMiddleware[source]¶

Bases: duck.http.middlewares.BaseMiddleware

Host Middleware class mitigating against requests from unknown sources and other host header issues.

allowed_hosts¶: None

debug_message: str¶: ‘Host Middleware: Host invalid/unrecognized’

classmethod get_error_response(request) → duck.http.response.HttpBadRequestResponse[source]¶: Return the error response upon errors.

classmethod process_request(request)[source]¶: Process and incoming response.

duck.http.middlewares.security.header¶

Module Contents¶

Classes¶

API¶

`duck.http.middlewares.security.header`¶