From 62a5bdbbb07746f129e52a3fd8c840f60893859b Mon Sep 17 00:00:00 2001
From: AAGaming <aa@mail.catvibers.me>
Date: Sun, 18 Sep 2022 14:49:56 -0400
Subject: add more URLs to bypass authentication

---
 backend/helpers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'backend/helpers.py')

diff --git a/backend/helpers.py b/backend/helpers.py
index c54139cc..3a109dca 100644
--- a/backend/helpers.py
+++ b/backend/helpers.py
@@ -27,7 +27,7 @@ def get_csrf_token():
 
 @middleware
 async def csrf_middleware(request, handler):
-    if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
+    if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or str(request.rel_url).startswith("/frontend/") or assets_regex.match(str(request.rel_url)) or frontend_regex.match(str(request.rel_url)):
         return await handler(request)
     return Response(text='Forbidden', status='403')
 
-- 
cgit v1.2.3