l.s.w.publication : module documentation

Part of lp.services.webapp

No module docstring
Function maybe_block_offsite_form_post Check if an attempt was made to post a form from a remote site.
Class ProfilingOops Fake exception used to log OOPS information when profiling pages.
Class LoginRoot Object that provides IPublishTraverse to return only itself.
Class LaunchpadBrowserPublication Subclass of z.a.publication.BrowserPublication that removes ZODB.
Function is_browser Return True if we believe the request was from a browser.
Function tracelog Emit a message to the ITraceLog, or do nothing if there is none.
def maybe_block_offsite_form_post(request):
Check if an attempt was made to post a form from a remote site.

This is a cross-site request forgery (XSRF/CSRF) countermeasure.

The OffsiteFormPostError exception is raised if the following
holds true:
  1. the request method is POST *AND*
  2. a. the HTTP referer header is empty *OR*
     b. the host portion of the referrer is not a registered vhost
def is_browser(request):
Return True if we believe the request was from a browser.

There will be false positives and false negatives, as we can only tell this from the User-Agent: header and this cannot be trusted.

Almost all web browsers provide a User-Agent: header starting with 'Mozilla'. This is good enough for our uses. We also add a few other common matches as well for good measure. We could massage one of the user-agent databases that are available into a usable, but we would gain little.

def tracelog(request, prefix, msg):
Emit a message to the ITraceLog, or do nothing if there is none.

The message will be prefixed by prefix to make writing parsers easier. prefix should be unique and contain no spaces, and preferably a single character to save space.

API Documentation for Launchpad, generated by pydoctor at 2018-08-14 00:00:04.