'''
SRI Message Signature helper for `accept-signature` header validation of
<script> element requests.

It compares the `accept-signature` header delivered with a request to the
`header` GET parameter, byte for byte. If they are equal, the served script
sets a `matched` attribute to true on the current script element; otherwise
it sets it to false. Note that a request carrying neither the header nor the
parameter compares two empty values and therefore also reports a match.
'''
def main(request, response):
    """WPT handler backing the `accept-signature` <script> element tests.

    Compares the request's `accept-signature` header with the `header` GET
    parameter and serves a tiny script that records the outcome in a
    `matched` attribute on `document.currentScript`.

    Both candidate bodies are fixed byte strings shipped with precomputed
    `unencoded-digest` and `signature` values; the served bytes must not be
    edited without regenerating those values. The comparison is exact byte
    equality, so structured-field serialization differences (whitespace,
    parameter order) count as a mismatch, and a request with neither the
    header nor the parameter compares two empty values and "matches".
    """
    received = request.headers.get(b'accept-signature', b'')
    wanted = request.GET.first(b'header', b'')

    # (body, digest, signature) for each possible comparison outcome.
    outcomes = {
        False: (
            b'document.currentScript.setAttribute(`matched`, false);',
            b'es+3YnsBqgi4mkbDZd3Vghz6PsqpNeg5CEJn7WOKzJI=',
            b'y91SB5QNcqsZBd0XOnuf83W1FOgTWYOP+0gJZ+Lj3JahopKDedZDne9LsJ1KmV4JnjpF8LF5jJzbOO5snLidAg==',
        ),
        True: (
            b'document.currentScript.setAttribute(`matched`, true);',
            b'dq6r7uJehA7JvZk7hczA4TM0uQ5Ad9WkKKihnuQ+B3c=',
            b'93PZphf5q5GJ0esZxDk/RJTG5WcExWsRAYSPgXdiQDQVyOH33qgwi0nvon9kQj7jdtoLg7uEOceGv/DBTAbRDQ==',
        ),
    }
    body, digest, signature = outcomes[received == wanted]

    # Response shape shared by both outcomes.
    response.status = 200
    response.headers.set(b'content-type', b'application/json')
    # Wildcard CORS: the test documents may load this script cross-origin.
    response.headers.set(b'access-control-allow-origin', b'*')
    response.headers.set(
        b'signature-input',
        b'signature=("unencoded-digest";sf); '
        b'keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="; '
        b'tag="sri"',
    )

    # Outcome-specific body plus the digest/signature precomputed for it.
    response.content = body
    response.headers.set(b'unencoded-digest', b'sha-256=:' + digest + b':')
    response.headers.set(b'signature', b'signature=:' + signature + b':')