From eaf7239dd15eb3823e1ff63ec027ad6757ef086d Mon Sep 17 00:00:00 2001 From: Marco Rodolfi Date: Sun, 29 Jan 2023 17:42:32 +0100 Subject: [PATCH] Added whitelist for locales path. --- backend/helpers.py | 2 +- frontend/package.json | 2 +- frontend/pnpm-lock.yaml | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/backend/helpers.py b/backend/helpers.py index 7cab512b..7d6d4bfb 100644 --- a/backend/helpers.py +++ b/backend/helpers.py @@ -32,7 +32,7 @@ def get_csrf_token(): @middleware async def csrf_middleware(request, handler): - if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)): + if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/locales/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)): return await handler(request) return Response(text='Forbidden', status='403') diff --git a/frontend/package.json b/frontend/package.json index da86e6d7..4fe0cc1a 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -47,7 +47,7 @@ "i18next-http-backend": "^2.1.1", "i18next-browser-languagedetector": "^7.0.1", "react-file-icon": "^1.2.0", - "react-i18next": "^12.0.0", + "react-i18next": "^12.1.4", "react-icons": "^4.4.0", "react-markdown": "^8.0.3", "remark-gfm": "^3.0.1" diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml index 3c2fc1ab..349cf412 100644 --- a/frontend/pnpm-lock.yaml +++ b/frontend/pnpm-lock.yaml @@ -23,7 +23,7 @@ specifiers: react: 16.14.0 react-dom: 16.14.0 react-file-icon: ^1.2.0 - react-i18next: ^12.0.0 + react-i18next: ^12.1.4 react-icons: ^4.4.0 react-markdown: ^8.0.3 remark-gfm: ^3.0.1 @@ -40,7 +40,7 @@ dependencies: i18next-browser-languagedetector: 7.0.1 i18next-http-backend: 2.1.1 react-file-icon: 1.2.0_wcqkhtmu7mswc6yz4uyexck3ty - react-i18next: 12.0.0_goxgninut6ie3oe2kpsp3ellgm + react-i18next: 12.1.4_goxgninut6ie3oe2kpsp3ellgm react-icons: 4.4.0_react@16.14.0 react-markdown: 8.0.3_vshvapmxg47tngu7tvrsqpq55u remark-gfm: 3.0.1 @@ -2211,8 +2211,8 @@ packages: tinycolor2: 1.4.2 dev: false - /react-i18next/12.0.0_goxgninut6ie3oe2kpsp3ellgm: - resolution: {integrity: sha512-/O7N6aIEAl1FaWZBNvhdIo9itvF/MO/nRKr9pYqRc9LhuC1u21SlfwpiYQqvaeNSEW3g3qUXLREOWMt+gxrWbg==} + /react-i18next/12.1.4_goxgninut6ie3oe2kpsp3ellgm: + resolution: {integrity: sha512-XQND7jYtgM7ht5PH3yIZljCRpAMTlH/zmngM9ZjToqa+0BR6xuu8c7QF0WIIOEjcMTB2S3iOfpN/xG/ZrAnO6g==} peerDependencies: i18next: '>= 19.0.0' react: '>= 16.8.0' @@ -2224,7 +2224,7 @@ packages: react-native: optional: true dependencies: - '@babel/runtime': 7.20.1 + '@babel/runtime': 7.20.13 html-parse-stringify: 3.0.1 i18next: 22.4.9 react: 16.14.0