diff options
| author | James Taylor <user234683@users.noreply.github.com> | 2021-03-08 21:33:23 -0800 |
|---|---|---|
| committer | Jesús <heckyel@hyperbola.info> | 2021-03-15 22:25:08 -0500 |
| commit | 585d724564344b6a968f3fce24eab217ed0fe47d (patch) | |
| tree | 57de253b3514e5d82e7ad7297e47897160ebd7dd | |
| parent | e549b5f67c4beff421a2b2b36f3b5031bfe8ed88 (diff) | |
| download | yt-local-585d724564344b6a968f3fce24eab217ed0fe47d.tar.lz yt-local-585d724564344b6a968f3fce24eab217ed0fe47d.tar.xz yt-local-585d724564344b6a968f3fce24eab217ed0fe47d.zip | |
Add hidden setting to allow foreign post requests
See #55
Signed-off-by: Jesús <heckyel@hyperbola.info>
| -rw-r--r-- | server.py | 4 | ||||
| -rw-r--r-- | settings.py | 9 |
2 files changed, 12 insertions, 1 deletions
@@ -204,7 +204,9 @@ def site_dispatch(env, start_response): method = env['REQUEST_METHOD'] path = env['PATH_INFO'] - if method == "POST" and client_address not in ('127.0.0.1', '::1'): + if (method == "POST" + and client_address not in ('127.0.0.1', '::1') + and not settings.allow_foreign_post_requests): yield error_code('403 Forbidden', start_response) return diff --git a/settings.py b/settings.py index 76d5db5..1482db0 100644 --- a/settings.py +++ b/settings.py @@ -53,6 +53,15 @@ For security reasons, enabling this is not recommended.''', 'category': 'network', }), + ('allow_foreign_post_requests', { + 'type': bool, + 'default': False, + 'comment': '''Enables requests from foreign addresses to make post requests. +For security reasons, enabling this is not recommended.''', + 'hidden': True, + 'category': 'network', + }), + ('subtitles_mode', { 'type': int, 'default': 0, |