NunoSempere/calibre-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for immediate logout with next="/logout"

Browse Source 
Fix tolino per default with deactivated Strict-Transport-Security
This commit is contained in:
Ozzieisaacs 2020-09-21 18:34:39 +02:00
parent eff8480d5c
commit f06cc25a99
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cps/web.py
View File

@ -132,7 +132,8 @@ def add_security_headers(resp):
resp.headers['X-Content-Type-Options'] = 'nosniff' resp.headers['X-Content-Type-Options'] = 'nosniff'
resp.headers['X-Frame-Options'] = 'SAMEORIGIN' resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
resp.headers['X-XSS-Protection'] = '1; mode=block' resp.headers['X-XSS-Protection'] = '1; mode=block'
# resp.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' if "tolino" not in request.headers.get('User-Agent'):
resp.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
log.debug(request.headers) log.debug(request.headers)
return resp return resp
@ -1439,6 +1440,8 @@ def login():
flash(_(u"Wrong Username or Password"), category="error") flash(_(u"Wrong Username or Password"), category="error")
next_url = request.args.get('next', default=url_for("web.index"), type=str) next_url = request.args.get('next', default=url_for("web.index"), type=str)
if url_for("web.logout") == next_url:
next_url = url_for("web.index")
return render_title_template('login.html', return render_title_template('login.html',
title=_(u"login"), title=_(u"login"),
next_url=next_url, next_url=next_url,