CSP — Aquilia Documentation
Comprehensive guide and documentation for CSP in the Aquilia framework. View API reference, examples, and implementation patterns.
MIDDLEWARE / CONTENT SECURITY POLICY CSPMiddleware The CSPMiddleware restricts resource loading, defending applications against Cross-Site Scripting (XSS) and data injection attacks. Fluent CSPPolicy Builder Rather than building manual policy strings, Aquilia provides the fluent CSPPolicy class to configure resource loading policies: .default_src(*sources) — Default fallback sources for most resource types. .script_src(*sources) — Specifies valid sources for JavaScript scripts. .style_src(*sources) — Specifies valid sources for style sheets. .img_src(*sources) — Specifies valid sources for images. .font_src(*sources) — Specifies valid sources for fonts. Request Nonce Generation When nonce=True is configured, the middleware automatically generates a cryptographically secure, per-request nonce (via secrets.token_urlsafe(16)). The nonce is injected into the policy string wherever 'nonce- "}' is declared, and is made accessible in templates via the request context: console.log("Safe script execution"); Usage Example from aquilia.middleware_ext import CSPMiddleware, CSPPolicy from aquilia.workspace import Workspace from aquilia.integrations import MiddlewareChain # Build policy fluently policy = ( CSPPolicy() .default_src("'self'") .script_src("'self'", "'nonce- '") .style_src("'self'", "'unsafe-inline'") ) workspace = Workspace("myapp").middleware( MiddlewareChain().use( "aquilia.middleware_ext.security:CSPMiddleware", priority=12, policy=policy, nonce=True ) ) Overview )
Go to Homepage