allow secret both in cookies and in headers

norohind 2021-12-08 18:10:09 +03:00
parent 71fa51f69a
commit 17efd41457
Signed by: norohind
GPG Key ID: 01C3BECC26FB59E1

7
web.py

@ -11,9 +11,12 @@ logger.propagate = False
def check_secret(req: falcon.request.Request, resp: falcon.response.Response, resource, params) -> None:
cookies_secret = req.headers.get('AUTH')
header_secret = req.headers.get('AUTH') # for legacy reasons
if cookies_secret != config.access_key:
cookies_secret = req.get_cookie_values('key')
if header_secret != config.access_key:
if cookies_secret is None or cookies_secret[0] != config.access_key:
raise falcon.HTTPForbidden
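Review bot: The header check `if header_secret != config.access_key:` fails open if `config.access_key` is ever unset, because `req.headers.get('AUTH')` returns None for a missing header and `None != None` is false, so the request is let through without any credential. Whether `access_key` can be None depends on the config module, which is not visible here. Both the header and the cookie comparison also use `!=`, which is not constant-time. I would raise `falcon.HTTPForbidden` up front when the configured key is empty, and compare each candidate with `hmac.compare_digest(candidate.encode(), config.access_key.encode())` (encoding first, since compare_digest raises TypeError on non-ASCII str), which needs `import hmac` at the top of web.py. The visible lines look shorter than the hunk header's counts, so check_secret may continue outside what is shown.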