diff options
| -rw-r--r-- | server.py | 4 | ||||
| -rw-r--r-- | settings.py | 9 |
2 files changed, 12 insertions, 1 deletions
@@ -204,7 +204,9 @@ def site_dispatch(env, start_response): method = env['REQUEST_METHOD'] path = env['PATH_INFO'] - if method == "POST" and client_address not in ('127.0.0.1', '::1'): + if (method == "POST" + and client_address not in ('127.0.0.1', '::1') + and not settings.allow_foreign_post_requests): yield error_code('403 Forbidden', start_response) return diff --git a/settings.py b/settings.py index 76d5db5..1482db0 100644 --- a/settings.py +++ b/settings.py @@ -53,6 +53,15 @@ For security reasons, enabling this is not recommended.''', 'category': 'network', }), + ('allow_foreign_post_requests', { + 'type': bool, + 'default': False, + 'comment': '''Enables requests from foreign addresses to make post requests. +For security reasons, enabling this is not recommended.''', + 'hidden': True, + 'category': 'network', + }), + ('subtitles_mode', { 'type': int, 'default': 0, |