配置文件支持设置CSRF可信来源

2023-02-08 05:28:45 +08:00 · 2023-02-08 05:28:45 +08:00 · df5d2a3f96
commit df5d2a3f96
parent e43183212a
1 changed files with 7 additions and 0 deletions
--- a/MrDoc/settings.py
+++ b/MrDoc/settings.py
@ -248,6 +248,13 @@ X_FRAME_OPTIONS = CONFIG.get("x_frame","option",fallback='SAMEORIGIN')

 DATA_UPLOAD_MAX_MEMORY_SIZE = None

+# CSRF 可信来源
+csrf_str = CONFIG.get("csrf_origin","allow",fallback=[])
+if csrf_str == []:
+    CSRF_TRUSTED_ORIGINS = csrf_str
+else:
+    CSRF_TRUSTED_ORIGINS = csrf_str.split(',')
+
 # 跨域请求配置
 cors_str = CONFIG.get("cors_origin","allow",fallback=[])
 capacitor_origins = ['http://localhost','capacitor://localhost']