Merge pull request #11361 from jumpserver/pr@dev@perf_login_csrf

perf: 修改 csrf 登录时判断
2023-08-18 20:44:25 +08:00 · 2023-08-18 20:44:25 +08:00 · 3c497aa81e
parent 9dd2dc8907 c8a1f4b092
commit 3c497aa81e
2 changed files with 7 additions and 4 deletions
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@ -140,13 +140,16 @@ class UserLoginContextMixin:
        if not self.request.GET.get('csrf_failure'):
            return context

+        http_origin = self.request.META.get('HTTP_ORIGIN')
        http_referer = self.request.META.get('HTTP_REFERER')
-        if not http_referer:
+        http_origin = http_origin or http_referer
+
+        if not http_origin:
            return context

        try:
-            referer = urlparse(http_referer)
-            context['error_origin'] = str(referer.netloc)
+            origin = urlparse(http_origin)
+            context['error_origin'] = str(origin.netloc)
        except ValueError:
            pass
        return context
--- a/apps/jumpserver/views/other.py
+++ b/apps/jumpserver/views/other.py
@ -92,5 +92,5 @@ class ResourceDownload(TemplateView):

 def csrf_failure(request, reason=""):
    from django.shortcuts import reverse
-    login_url = reverse('authentication:login') + '?csrf_failure=1'
+    login_url = reverse('authentication:login') + '?csrf_failure=1&admin=1'
    return redirect(login_url)