Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: enhance CORS validation to support AJAX requests

Browse source
This commit is contained in:
Théophile Diot 2024-11-25 12:00:53 +01:00
parent d1d77207b7
commit cf64ad4a16
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/ui/app/routes/utils.py
View file

@ -315,8 +315,12 @@ def cors_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
fetch_mode = request.headers.get("Sec-Fetch-Mode")
if fetch_mode != "cors":
return Response("CORS request required", status=403)
x_requested_with = request.headers.get("X-Requested-With")
# Check for CORS mode or AJAX request
if fetch_mode != "cors" and (not x_requested_with or x_requested_with.lower() != "xmlhttprequest"):
return Response("CORS or AJAX request required", status=403)
return f(*args, **kwargs)
return decorated_function