修复登录
@@ -92,8 +92,30 @@ def validate_session_token(token: str | None) -> bool:
|
||||
return True
|
||||
|
||||
|
||||
def cookie_secure() -> bool:
|
||||
return (os.getenv("HUB_COOKIE_SECURE") or "").strip().lower() in ("1", "true", "yes", "on")
|
||||
def cookie_secure_env_enabled() -> bool:
|
||||
"""是否在 .env 中启用「HTTPS 时带 Secure Cookie」策略。"""
|
||||
return (os.getenv("HUB_COOKIE_SECURE") or "").strip().lower() in (
|
||||
"1",
|
||||
"true",
|
||||
"yes",
|
||||
"on",
|
||||
)
|
||||
|
||||
|
||||
def cookie_secure_for_request(request) -> bool:
|
||||
"""
|
||||
仅在实际 HTTPS 访问时设置 Secure Cookie。
|
||||
这样可同时支持:域名 HTTPS 反代 + 内网 http://IP:5100 登录。
|
||||
"""
|
||||
if not cookie_secure_env_enabled():
|
||||
return False
|
||||
proto = (
|
||||
(request.headers.get("x-forwarded-proto") or request.url.scheme or "http")
|
||||
.split(",")[0]
|
||||
.strip()
|
||||
.lower()
|
||||
)
|
||||
return proto == "https"
|
||||
|
||||
|
||||
def is_public_path(path: str, method: str) -> bool:
|
||||
|
||||
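Review bot: `cookie_secure_for_request` trusts `x-forwarded-proto` from any request and takes the first comma-separated entry, which is client-supplied whenever a proxy appends to the header instead of overwriting it. The function also fails open: if the reverse proxy does not set the header, `request.url.scheme` is presumably `http` on the proxy-to-app hop, so the session cookie is issued without Secure on an HTTPS deployment even with `HUB_COOKIE_SECURE` on, whereas the removed `cookie_secure()` returned True in that case. I would honour the header only when the direct peer is the known proxy (or, if the server has trusted-proxy handling, let it rewrite the scheme and read only `request.url.scheme`). The docstring should also state the assumption, e.g. `The reverse proxy must overwrite X-Forwarded-Proto; if it is missing the cookie is set without Secure.` The plain-HTTP intranet login still sends the session token in cleartext by design, which is worth stating in the docstring too.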