This commit is contained in:
dekun
2026-05-30 15:55:37 +08:00
parent b154f1230c
commit 979054546c
6 changed files with 92 additions and 10 deletions
+17
View File
@@ -18,6 +18,23 @@ def nav_embed_origins() -> str:
return (os.getenv("NAV_EMBED_ORIGINS") or "*").strip() or "*"
def nav_session_middleware_kwargs() -> dict:
"""
LocalNav 等跨站 iframe 内登录须 SameSite=None + Secure(仅 HTTPS 站点有效)。
NAV_EMBED_SESSION=1 强制开启;auto 时在配置了 NAV_EMBED_ORIGINS 时开启。
"""
raw = (os.getenv("NAV_EMBED_SESSION") or "auto").strip().lower()
if raw in ("0", "false", "no", "off"):
return {"same_site": "lax", "https_only": False}
if raw in ("1", "true", "yes", "on"):
return {"same_site": "none", "https_only": True}
if raw == "auto":
origins = nav_embed_origins()
if origins and origins != "*":
return {"same_site": "none", "https_only": True}
return {"same_site": "lax", "https_only": False}
def install_nav_embed(app) -> None:
if not nav_embed_allowed():
return