zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 静态资源白名单,添加非空判断

Browse Source
This commit is contained in:
shaohuzhang1 2024-03-14 14:30:50 +08:00
parent f91d44de22
commit 27d8285388
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/common/middleware/static_headers_middleware.py
View File

@ -17,7 +17,7 @@ class StaticHeadersMiddleware(MiddlewareMixin):
if request.path.startswith('/ui/chat/'): if request.path.startswith('/ui/chat/'):
access_token = request.path.replace('/ui/chat/', '') access_token = request.path.replace('/ui/chat/', '')
application_access_token = QuerySet(ApplicationAccessToken).filter(access_token=access_token).first() application_access_token = QuerySet(ApplicationAccessToken).filter(access_token=access_token).first()
if application_access_token.white_active: if application_access_token is not None and application_access_token.white_active:
# 添加自定义的响应头 # 添加自定义的响应头
response['Content-Security-Policy'] = f'frame-ancestors {" ".join(application_access_token.white_list)}' response['Content-Security-Policy'] = f'frame-ancestors {" ".join(application_access_token.white_list)}'
return response return response