geckon01/decky-loader
1
0
Fork 0
mirror of https://github.com/SteamDeckHomebrew/decky-loader.git synced 2026-06-15 18:13:40 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
198591dbd7b0b6dd311ab9265d4cda4a733ee280
decky-loader/backend/helpers.py
AAGaming f21d34506d Implement CSRF protection
2022-08-05 21:16:29 -04:00

20 lines
756 B
Python
Raw Blame History

from aiohttp.web import middleware, Response
import ssl
import certifi
import uuid
ssl_ctx = ssl.create_default_context(cafile=certifi.where())
csrf_token = str(uuid.uuid4())
def get_ssl_context():
return ssl_ctx
def get_csrf_token():
return csrf_token
@middleware
async def csrf_middleware(request, handler):
if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/"):
return await handler(request)
return Response(text='Forbidden', status='403')
Reference in New Issue View Git Blame Copy Permalink