Home Assistant Unofficial Reference 2024.12.1
headers.py
Go to the documentation of this file.
1 """Middleware that helps with the control of headers in our responses."""
2 
3 from __future__ import annotations
4 
5 from collections.abc import Awaitable, Callable
6 
7 from aiohttp.web import Application, Request, StreamResponse, middleware
8 from aiohttp.web_exceptions import HTTPException
9 
10 from homeassistant.core import callback
11 
12 
13 @callback
14 def setup_headers(app: Application, use_x_frame_options: bool) -> None:
15  """Create headers middleware for the app."""
16 
17  added_headers = {
18  "Referrer-Policy": "no-referrer",
19  "X-Content-Type-Options": "nosniff",
20  "Server": "", # Empty server header, to prevent aiohttp of setting one.
21  }
22 
23  if use_x_frame_options:
24  added_headers["X-Frame-Options"] = "SAMEORIGIN"
25 
26  @middleware
27  async def headers_middleware(
28  request: Request, handler: Callable[[Request], Awaitable[StreamResponse]]
29  ) -> StreamResponse:
30  """Process request and add headers to the responses."""
31  try:
32  response = await handler(request)
33  except HTTPException as err:
34  err.headers.update(added_headers)
35  raise
36 
37  response.headers.update(added_headers)
38  return response
39 
40  app.middlewares.append(headers_middleware)
homeassistant.components.http.headers.setup_headers
None setup_headers(Application app, bool use_x_frame_options)
Definition: headers.py:14