(response)
| 873 | |
| 874 | @app.after_request |
| 875 | def after_request(response): |
| 876 | if config.LOG_AUTHENTICATED_USER: |
| 877 | if current_user.is_authenticated and current_user.username: |
| 878 | # HTTP headers are latin-1 only, so transliterate anything |
| 879 | # outside that range to avoid gunicorn 500s for unicode names. |
| 880 | safe = current_user.username.encode( |
| 881 | 'latin-1', 'replace').decode('latin-1') |
| 882 | # CR/LF and other control chars are valid latin-1 but Werkzeug |
| 883 | # rejects them in header values (would 500 every request for |
| 884 | # that user), so drop any non-printable characters too. |
| 885 | safe = ''.join(c for c in safe if c.isprintable()) |
| 886 | response.headers['X-Remote-User'] = safe |
| 887 | else: |
| 888 | response.headers.pop('X-Remote-User', None) |
| 889 | |
| 890 | if 'key' in request.args: |
| 891 | domain = dict() |
| 892 | if config.COOKIE_DEFAULT_DOMAIN and \ |
| 893 | config.COOKIE_DEFAULT_DOMAIN != 'localhost': |
| 894 | domain['domain'] = config.COOKIE_DEFAULT_DOMAIN |
| 895 | response.set_cookie('PGADMIN_INT_KEY', value=request.args['key'], |
| 896 | path=config.SESSION_COOKIE_PATH, |
| 897 | secure=config.SESSION_COOKIE_SECURE, |
| 898 | httponly=config.SESSION_COOKIE_HTTPONLY, |
| 899 | samesite=config.SESSION_COOKIE_SAMESITE, |
| 900 | **domain) |
| 901 | |
| 902 | SecurityHeaders.set_response_headers(response) |
| 903 | return response |
| 904 | |
| 905 | ########################################################################## |
| 906 | # Cache busting |
nothing calls this directly
no test coverage detected