
dont generate nonce for xhr and increase nonce elngth

master
Aevann 2022-12-27 05:00:15 +02:00
parent 3ea03f33a6
commit 1715dc938d
1 changed files with 4 additions and 5 deletions


@ -41,9 +41,6 @@ def get_logged_in_user():
else:
session.pop("lo_user")
g.is_api = v and v.client
g.is_api_or_xhr = bool(g.is_api or request.headers.get("xhr"))
if request.method.lower() != "get" and get_setting('read_only_mode') and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']):
abort(403)
@ -70,8 +67,10 @@ def get_logged_in_user():
t = time.strftime("%d/%B/%Y %H:%M:%S UTC", time.gmtime(time.time()))
log_file(f'@{v.username}, {v.truescore}, {ip}, {t}\n', 'eg.log')
if not g.is_api:
g.nonce = secrets.token_urlsafe(16)
g.is_api_or_xhr = bool((v and v.client) or request.headers.get("xhr"))
if not g.is_api_or_xhr:
g.nonce = secrets.token_urlsafe(31)
return v
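Review bot: `g.is_api_or_xhr` now appears to be assigned only near the end of get_logged_in_user, after the read-only-mode `abort(403)` kept in the first hunk, so on that path the attribute is never set and any error handler or after-request hook that reads it would raise AttributeError. I would keep `g.is_api_or_xhr = bool((v and v.client) or request.headers.get("xhr"))` above the read-only check and move only the nonce generation. `g.nonce` is likewise unset whenever the `xhr` header is present, and that header is client-supplied, so templates and whatever builds the CSP header should read it defensively, e.g. `getattr(g, 'nonce', None)`, rather than assume it exists. The first hunk also seems to drop `g.is_api`, so it is worth checking that nothing else still reads it. The function body extends outside both hunks and the page has lost indentation and +/- markers, so the placement described here is inferred from the hunk headers and line counts.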