中控
@@ -118,11 +118,43 @@ def cookie_secure_for_request(request) -> bool:
|
||||
return proto == "https"
|
||||
|
||||
|
||||
def embed_allowed() -> bool:
|
||||
"""允许被本地导航等页面 iframe 嵌入(默认开启,内网场景)。"""
|
||||
return (os.getenv("HUB_ALLOW_EMBED") or "true").strip().lower() in (
|
||||
"1",
|
||||
"true",
|
||||
"yes",
|
||||
"on",
|
||||
)
|
||||
|
||||
|
||||
def embed_frame_ancestors() -> str:
|
||||
"""CSP frame-ancestors;默认 *,可设 HUB_EMBED_ORIGINS=http://192.168.8.6:5070"""
|
||||
raw = (os.getenv("HUB_EMBED_ORIGINS") or "*").strip()
|
||||
if raw == "*":
|
||||
return "*"
|
||||
origins = [o.strip() for o in raw.split(",") if o.strip()]
|
||||
return " ".join(origins) if origins else "*"
|
||||
|
||||
|
||||
def set_session_cookie(response, request, token: str) -> None:
|
||||
secure = cookie_secure_for_request(request)
|
||||
response.set_cookie(
|
||||
SESSION_COOKIE,
|
||||
token,
|
||||
httponly=True,
|
||||
samesite="lax",
|
||||
path="/",
|
||||
max_age=SESSION_MAX_AGE_SEC,
|
||||
secure=secure,
|
||||
)
|
||||
|
||||
|
||||
def is_public_path(path: str, method: str) -> bool:
|
||||
p = (path or "").split("?")[0].rstrip("/") or "/"
|
||||
if p.startswith("/assets"):
|
||||
return True
|
||||
if p in ("/login", "/api/auth/login", "/api/auth/status", "/api/ping"):
|
||||
if p in ("/login", "/embed-auth", "/api/auth/login", "/api/auth/status", "/api/ping"):
|
||||
return True
|
||||
if p == "/api/auth/logout" and method.upper() == "POST":
|
||||
return True
|
||||
|
||||
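Review bot: `embed_frame_ancestors` falls back to `*` when HUB_EMBED_ORIGINS is unset, and `embed_allowed` defaults to true, so out of the box any origin may frame the hub — the "intranet scenario" in the docstring is a deployment assumption the code does not enforce, and the joined values are passed to the header without any check that each looks like a scheme/host source. A safer default is same-origin with `*` only by explicit opt-in, `raw = (os.getenv("HUB_EMBED_ORIGINS") or "'self'").strip()`, and the docstring updated to say so. Separately, `set_session_cookie` uses `samesite="lax"`, which browsers do not send in a cross-site iframe, so the new `/embed-auth` entry in `is_public_path` presumably cannot rely on this cookie when the hub is embedded from a different origin; cross-site use would need `samesite="none"` together with `secure=True`, and `cookie_secure_for_request` (its body starts above the hunk) derives `secure` from the request scheme, which plain-http intranet hosts will not satisfy. The code that actually emits the Content-Security-Policy header from this value is outside the hunk.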