From 585d724564344b6a968f3fce24eab217ed0fe47d Mon Sep 17 00:00:00 2001
From: James Taylor <user234683@users.noreply.github.com>
Date: Mon, 8 Mar 2021 21:33:23 -0800
Subject: Add hidden setting to allow foreign post requests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

See #55

Signed-off-by: Jesús <heckyel@hyperbola.info>
---
 server.py   | 4 +++-
 settings.py | 9 +++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/server.py b/server.py
index 649de38..09a0a54 100644
--- a/server.py
+++ b/server.py
@@ -204,7 +204,9 @@ def site_dispatch(env, start_response):
         method = env['REQUEST_METHOD']
         path = env['PATH_INFO']
 
-        if method == "POST" and client_address not in ('127.0.0.1', '::1'):
+        if (method == "POST"
+                and client_address not in ('127.0.0.1', '::1')
+                and not settings.allow_foreign_post_requests):
             yield error_code('403 Forbidden', start_response)
             return
 
diff --git a/settings.py b/settings.py
index 76d5db5..1482db0 100644
--- a/settings.py
+++ b/settings.py
@@ -53,6 +53,15 @@ For security reasons, enabling this is not recommended.''',
         'category': 'network',
     }),
 
+    ('allow_foreign_post_requests', {
+        'type': bool,
+        'default': False,
+        'comment': '''Enables requests from foreign addresses to make post requests.
+For security reasons, enabling this is not recommended.''',
+        'hidden': True,
+        'category': 'network',
+    }),
+
     ('subtitles_mode', {
         'type': int,
         'default': 0,
-- 
cgit v1.2.3