diff options
| author | AAGaming <aa@mail.catvibers.me> | 2022-09-18 14:49:56 -0400 |
|---|---|---|
| committer | AAGaming <aa@mail.catvibers.me> | 2022-09-18 14:49:56 -0400 |
| commit | 62a5bdbbb07746f129e52a3fd8c840f60893859b (patch) | |
| tree | f9fc04957d9314f238b66604ceb46c632a25a5c7 | |
| parent | 7716c73014a645d3742c24eaa7c7b1d54e081363 (diff) | |
| download | decky-loader-62a5bdbbb07746f129e52a3fd8c840f60893859b.tar.gz decky-loader-62a5bdbbb07746f129e52a3fd8c840f60893859b.zip | |
add more URLs to bypass authentication
| -rw-r--r-- | backend/helpers.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/backend/helpers.py b/backend/helpers.py index c54139cc..3a109dca 100644 --- a/backend/helpers.py +++ b/backend/helpers.py @@ -27,7 +27,7 @@ def get_csrf_token(): @middleware async def csrf_middleware(request, handler): - if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)): + if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)): return await handler(request) return Response(text='Forbidden', status='403') |