中控
@@ -137,19 +137,40 @@ def embed_frame_ancestors() -> str:
|
||||
return " ".join(origins) if origins else "*"
|
||||
|
||||
|
||||
def set_session_cookie(response, request, token: str) -> None:
|
||||
def set_session_cookie(response, request, token: str, *, embed: bool = False) -> None:
|
||||
"""
|
||||
embed=True:LocalNav 等跨站 iframe 嵌入时须 SameSite=None + Secure(仅 HTTPS 有效)。
|
||||
"""
|
||||
secure = cookie_secure_for_request(request)
|
||||
samesite = "lax"
|
||||
if embed:
|
||||
secure = True
|
||||
samesite = "none"
|
||||
response.set_cookie(
|
||||
SESSION_COOKIE,
|
||||
token,
|
||||
httponly=True,
|
||||
samesite="lax",
|
||||
samesite=samesite,
|
||||
path="/",
|
||||
max_age=SESSION_MAX_AGE_SEC,
|
||||
secure=secure,
|
||||
)
|
||||
|
||||
|
||||
def clear_session_cookie(response, request, *, embed: bool = False) -> None:
|
||||
secure = cookie_secure_for_request(request)
|
||||
samesite = "lax"
|
||||
if embed:
|
||||
secure = True
|
||||
samesite = "none"
|
||||
response.delete_cookie(
|
||||
SESSION_COOKIE,
|
||||
path="/",
|
||||
secure=secure,
|
||||
samesite=samesite,
|
||||
)
|
||||
|
||||
|
||||
def is_public_path(path: str, method: str) -> bool:
|
||||
p = (path or "").split("?")[0].rstrip("/") or "/"
|
||||
if p.startswith("/assets"):
|
||||
|
||||
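Review bot: The `embed` branch of `set_session_cookie` issues the session cookie with `samesite="none"`, so the browser will attach it to every cross-site request, and nothing in this hunk shows a CSRF token or Origin check replacing the protection `lax` gave. The context line `return " ".join(origins) if origins else "*"` in `embed_frame_ancestors` suggests that an empty allow-list permits framing from any site; if that value is what reaches the `frame-ancestors` header, an embed-mode session is also open to clickjacking. How callers decide `embed` is outside the hunk, so it should be confirmed that it is never taken from request input and is only set when the allow-list is non-empty. I would state the contract in the docstring, e.g. `embed=True disables SameSite protection for the session cookie: use only for allow-listed frame ancestors, and state-changing routes must verify Origin or a CSRF token.` The same `secure`/`samesite` selection is duplicated in `clear_session_cookie` and could move to one small helper so the two cannot drift apart.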