summaryrefslogtreecommitdiff
path: root/backend/decky_loader/helpers.py
diff options
context:
space:
mode:
Diffstat (limited to 'backend/decky_loader/helpers.py')
-rw-r--r--backend/decky_loader/helpers.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/backend/decky_loader/helpers.py b/backend/decky_loader/helpers.py
index 0cd6518b..76c3db0a 100644
--- a/backend/decky_loader/helpers.py
+++ b/backend/decky_loader/helpers.py
@@ -34,7 +34,7 @@ def get_csrf_token():
@middleware
async def csrf_middleware(request: Request, handler: Handler):
- if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
+ if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or str(request.rel_url.path) == "/ws" or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
return await handler(request)
return Response(text='Forbidden', status=403)
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-15 20:22:57 +0000