From ec5b790b51714e22454ae642bf9e29414bd68b63 Mon Sep 17 00:00:00 2001 From: jacob Date: Wed, 2 Jan 2019 17:29:01 +0800 Subject: [PATCH] Extend example of modifying the request in middleware document --- docs/sanic/extensions.md | 2 +- docs/sanic/middleware.md | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/sanic/extensions.md b/docs/sanic/extensions.md index 7a5a7b91..d3653069 100644 --- a/docs/sanic/extensions.md +++ b/docs/sanic/extensions.md @@ -41,7 +41,7 @@ A list of Sanic extensions created by the community. ## Project Creation Template -- [cookiecutter-sanic](https://github.com/harshanarayana/cookiecutter-sanic) Get your sanic application up and running in a matter of second in a well defined project structure. +- [cookiecutter-sanic](https://github.com/harshanarayana/cookiecutter-sanic): Get your sanic application up and running in a matter of second in a well defined project structure. Batteries included for deployment, unit testing, automated release management and changelog generation. ## Templating diff --git a/docs/sanic/middleware.md b/docs/sanic/middleware.md index 823d3916..14880d7a 100644 --- a/docs/sanic/middleware.md +++ b/docs/sanic/middleware.md @@ -36,20 +36,31 @@ this. ``` app = Sanic(__name__) + +@app.middleware('request') +async def add_key(request): + # Add a key to request object like dict object + request['foo'] = 'bar' + + @app.middleware('response') async def custom_banner(request, response): response.headers["Server"] = "Fake-Server" + @app.middleware('response') async def prevent_xss(request, response): response.headers["x-xss-protection"] = "1; mode=block" + app.run(host="0.0.0.0", port=8000) ``` -The above code will apply the two middleware in order. First, the middleware +The above code will apply the three middleware in order. The first middleware +**add_key** will add a new key `foo` into `request` object. This worked due to +`request` object can be manipulated like `dict` object. Then, the second middleware **custom_banner** will change the HTTP response header *Server* to -*Fake-Server*, and the second middleware **prevent_xss** will add the HTTP +*Fake-Server*, and the last middleware **prevent_xss** will add the HTTP header for preventing Cross-Site-Scripting (XSS) attacks. These two functions are invoked *after* a user function returns a response.