Diffstat (limited to 'examples/complex/sslstrip.py')
-rw-r--r--examples/complex/sslstrip.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/examples/complex/sslstrip.py b/examples/complex/sslstrip.py
index 8b904216..16d9b59a 100644
--- a/examples/complex/sslstrip.py
+++ b/examples/complex/sslstrip.py
@@ -51,9 +51,11 @@ def response(flow: http.HTTPFlow) -> None:
flow.response.headers['Location'] = location.replace('https://', 'http://', 1)
# strip upgrade-insecure-requests in Content-Security-Policy header
- if re.search('upgrade-insecure-requests', flow.response.headers.get('Content-Security-Policy', ''), flags=re.IGNORECASE):
+ csp_header = flow.response.headers.get('Content-Security-Policy', '')
+ if re.search('upgrade-insecure-requests', csp_header, flags=re.IGNORECASE):
csp = flow.response.headers['Content-Security-Policy']
- flow.response.headers['Content-Security-Policy'] = re.sub(r'upgrade-insecure-requests[;\s]*', '', csp, flags=re.IGNORECASE)
+ new_header = re.sub(r'upgrade-insecure-requests[;\s]*', '', csp, flags=re.IGNORECASE)
+ flow.response.headers['Content-Security-Policy'] = new_header
# strip secure flag from 'Set-Cookie' headers
cookies = flow.response.headers.get_all('Set-Cookie')