中控
This commit is contained in:
@@ -108,9 +108,38 @@ def install_on_app(
|
||||
"meta_fn": meta_fn,
|
||||
"views": views,
|
||||
}
|
||||
install_hub_embed_headers(app)
|
||||
register_hub_routes(app)
|
||||
|
||||
|
||||
def install_hub_embed_headers(app):
|
||||
"""允许复盘中控 iframe 内嵌打开本实例(须与 hub 的 HUB_EMBED_ORIGINS 或域名一致)。"""
|
||||
import os
|
||||
|
||||
allowed = (os.getenv("APP_ALLOW_HUB_EMBED") or "true").strip().lower() in (
|
||||
"1",
|
||||
"true",
|
||||
"yes",
|
||||
"on",
|
||||
)
|
||||
if not allowed:
|
||||
return
|
||||
origins = (
|
||||
(os.getenv("HUB_EMBED_PARENT_ORIGINS") or os.getenv("HUB_EMBED_ORIGINS") or "*")
|
||||
.strip()
|
||||
)
|
||||
|
||||
@app.after_request
|
||||
def _hub_embed_frame_headers(response):
|
||||
if origins == "*":
|
||||
response.headers["Content-Security-Policy"] = "frame-ancestors *"
|
||||
else:
|
||||
response.headers["Content-Security-Policy"] = (
|
||||
f"frame-ancestors 'self' {origins}"
|
||||
)
|
||||
return response
|
||||
|
||||
|
||||
def register_hub_routes(app):
|
||||
auth_disabled = False
|
||||
try:
|
||||
|
||||
Reference in New Issue
Block a user