SecurityManager

class SecurityManager(**properties: Any)

Superclasses: Object

Controls security settings in a WebContext.

The SecurityManager defines security settings for URI schemes in a WebContext. Get it from the context with get_security_manager(), and use it to register a URI scheme with a certain security level, or to check if it already has it.

Methods

class SecurityManager

register_uri_scheme_as_cors_enabled(scheme: str) → None

Register scheme as a CORS (Cross-origin resource sharing) enabled scheme.

This means that CORS requests are allowed. See W3C CORS specification http://www.w3.org/TR/cors/.

Parameters:

scheme – a URI scheme

register_uri_scheme_as_display_isolated(scheme: str) → None

Register scheme as a display isolated scheme.

This means that pages cannot display these URIs unless they are from the same scheme.

Parameters:

scheme – a URI scheme

register_uri_scheme_as_empty_document(scheme: str) → None

Register scheme as an empty document scheme.

This means that they are allowed to commit synchronously.

Parameters:

scheme – a URI scheme

register_uri_scheme_as_local(scheme: str) → None

Register scheme as a local scheme.

This means that other non-local pages cannot link to or access URIs of this scheme.

Parameters:

scheme – a URI scheme

register_uri_scheme_as_no_access(scheme: str) → None

Register scheme as a no-access scheme.

This means that pages loaded with this URI scheme cannot access pages loaded with any other URI scheme.

Parameters:

scheme – a URI scheme

register_uri_scheme_as_secure(scheme: str) → None

Register scheme as a secure scheme.

This means that mixed content warnings won’t be generated for this scheme when included by an HTTPS page.

Parameters:

scheme – a URI scheme

uri_scheme_is_cors_enabled(scheme: str) → bool

Whether scheme is considered as a CORS enabled scheme.

See also register_uri_scheme_as_cors_enabled().

Parameters:

scheme – a URI scheme

uri_scheme_is_display_isolated(scheme: str) → bool

Whether scheme is considered as a display isolated scheme.

See also register_uri_scheme_as_display_isolated().

Parameters:

scheme – a URI scheme

uri_scheme_is_empty_document(scheme: str) → bool

Whether scheme is considered as an empty document scheme.

See also register_uri_scheme_as_empty_document().

Parameters:

scheme – a URI scheme

uri_scheme_is_local(scheme: str) → bool

Whether scheme is considered as a local scheme.

See also register_uri_scheme_as_local().

Parameters:

scheme – a URI scheme

uri_scheme_is_no_access(scheme: str) → bool

Whether scheme is considered as a no-access scheme.

See also register_uri_scheme_as_no_access().

Parameters:

scheme – a URI scheme

uri_scheme_is_secure(scheme: str) → bool

Whether scheme is considered as a secure scheme.

See also register_uri_scheme_as_secure().

Parameters:

scheme – a URI scheme