summaryrefslogtreecommitdiff
path: root/backend/src/helpers.py
diff options
context:
space:
mode:
Diffstat (limited to 'backend/src/helpers.py')
-rw-r--r--backend/src/helpers.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/backend/src/helpers.py b/backend/src/helpers.py
index f8796bd8..0acfd929 100644
--- a/backend/src/helpers.py
+++ b/backend/src/helpers.py
@@ -32,7 +32,7 @@ def get_csrf_token():
@middleware
async def csrf_middleware(request: Request, handler: Handler):
- if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
+ if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
return await handler(request)
return Response(text='Forbidden', status=403)
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-15 20:35:03 +0000