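def index():
    """Render ``otm.jinja`` behind a nonce-based Content-Security-Policy.

    A fresh nonce is generated for every response, handed to the template as
    ``nonce``, and allowed in the ``style-src`` and ``script-src`` directives.
    Everything else falls under ``default-src 'none'``, except the WebSocket
    endpoint at ``/ws`` on the requesting host.

    Returns:
        The ``Response`` wrapping the rendered template, with the
        ``Content-Security-Policy`` and ``X-Frame-Options`` headers set.
    """
    # A CSP nonce only helps if it cannot be guessed. The module-level
    # ``random`` functions use a predictable PRNG, so draw from the OS CSPRNG
    # via SystemRandom instead. ``choice`` samples with replacement, whereas
    # ``sample`` never repeats a character and so shrinks the value space.
    # ``string.ascii_lowercase`` is locale-independent and, unlike
    # ``string.lowercase``, is also available on Python 3.
    rng = random.SystemRandom()
    alphabet = string.ascii_lowercase + string.digits
    nonce = ''.join(rng.choice(alphabet) for _ in range(16))

    r = Response(render_template("otm.jinja", nonce=nonce))

    # Match the WebSocket scheme to the page scheme so a page served over
    # HTTPS is only allowed to open wss:// connections.
    ws_scheme = "wss" if request.is_secure else "ws"

    # NOTE(review): request.host is derived from the client-supplied Host
    # header and is copied into the policy as-is. Confirm the deployment only
    # accepts expected host names (reverse proxy or framework allow-list).
    r.headers['Content-Security-Policy'] = ';'.join((
        "default-src 'none'",
        "style-src 'nonce-%s'" % nonce,
        "script-src 'nonce-%s'" % nonce,
        "connect-src %s://%s/ws" % (ws_scheme, request.host),
    ))

    # default-src does not govern framing, so embedding is refused separately.
    r.headers['X-Frame-Options'] = 'DENY'
    return r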