/usr/lib/python2.7/dist-packages/notebook/services/security/handlers.py is in python-notebook 5.2.2-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | """Tornado handlers for security logging."""
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
from tornado import web
from ...base.handlers import APIHandler
from . import csp_report_uri
class CSPReportHandler(APIHandler):
'''Accepts a content security policy violation report'''
_track_activity = False
def skip_check_origin(self):
"""Don't check origin when reporting origin-check violations!"""
return True
def check_xsrf_cookie(self):
# don't check XSRF for CSP reports
return
@web.authenticated
def post(self):
'''Log a content security policy violation report'''
self.log.warning("Content security violation: %s",
self.request.body.decode('utf8', 'replace'))
default_handlers = [
(csp_report_uri, CSPReportHandler)
]
|