dont generate nonce for xhr and increase nonce elngth
parent
3ea03f33a6
commit
1715dc938d
|
@ -41,9 +41,6 @@ def get_logged_in_user():
|
||||||
else:
|
else:
|
||||||
session.pop("lo_user")
|
session.pop("lo_user")
|
||||||
|
|
||||||
g.is_api = v and v.client
|
|
||||||
g.is_api_or_xhr = bool(g.is_api or request.headers.get("xhr"))
|
|
||||||
|
|
||||||
if request.method.lower() != "get" and get_setting('read_only_mode') and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']):
|
if request.method.lower() != "get" and get_setting('read_only_mode') and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
|
@ -70,8 +67,10 @@ def get_logged_in_user():
|
||||||
t = time.strftime("%d/%B/%Y %H:%M:%S UTC", time.gmtime(time.time()))
|
t = time.strftime("%d/%B/%Y %H:%M:%S UTC", time.gmtime(time.time()))
|
||||||
log_file(f'@{v.username}, {v.truescore}, {ip}, {t}\n', 'eg.log')
|
log_file(f'@{v.username}, {v.truescore}, {ip}, {t}\n', 'eg.log')
|
||||||
|
|
||||||
if not g.is_api:
|
g.is_api_or_xhr = bool((v and v.client) or request.headers.get("xhr"))
|
||||||
g.nonce = secrets.token_urlsafe(16)
|
|
||||||
|
if not g.is_api_or_xhr:
|
||||||
|
g.nonce = secrets.token_urlsafe(31)
|
||||||
|
|
||||||
return v
|
return v
|
||||||
|
|
||||||
|
|
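Review bot: `g.is_api_or_xhr` is now assigned only near the end of get_logged_in_user(), after the read-only-mode `abort(403)` in the first hunk, and `g.is_api` is no longer set at all. Any error handler, template or route that reads either attribute on that path would raise AttributeError; those readers are outside this diff, so a grep for `g.is_api` is needed to confirm. The nonce (presumably the CSP script nonce) is also skipped purely on the client-supplied `xhr` header, so an HTML response to a request carrying that header would have no `g.nonce` for the policy or the script tags. I would keep the `g.is_api_or_xhr = ...` assignment above the read-only check and add `g.nonce = None` ahead of `if not g.is_api_or_xhr:`, so consumers can test for the skipped case instead of failing. The function starts above the first hunk, so any earlier returns are not visible here.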