From c8a1f4b0921f91b5fd13909d762ee14ebcad1639 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Fri, 18 Aug 2023 20:36:58 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=20csrf=20=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E6=97=B6=E5=88=A4=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/authentication/views/login.py | 9 ++++++---
 apps/jumpserver/views/other.py | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index 77f5ee14e..6405ad771 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -140,13 +140,16 @@ class UserLoginContextMixin:
 if not self.request.GET.get('csrf_failure'):
 return context
+ http_origin = self.request.META.get('HTTP_ORIGIN')
 http_referer = self.request.META.get('HTTP_REFERER')
- if not http_referer:
+ http_origin = http_origin or http_referer
+
+ if not http_origin:
 return context
 try:
- referer = urlparse(http_referer)
- context['error_origin'] = str(referer.netloc)
+ origin = urlparse(http_origin)
+ context['error_origin'] = str(origin.netloc)
 except ValueError:
 pass
 return context
diff --git a/apps/jumpserver/views/other.py b/apps/jumpserver/views/other.py
index 0336c0f2a..6a05acaa5 100644
--- a/apps/jumpserver/views/other.py
+++ b/apps/jumpserver/views/other.py
@@ -92,5 +92,5 @@ class ResourceDownload(TemplateView):
 def csrf_failure(request, reason=""):
 from django.shortcuts import reverse
- login_url = reverse('authentication:login') + '?csrf_failure=1'
+ login_url = reverse('authentication:login') + '?csrf_failure=1&admin=1'
 return redirect(login_url)
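Review bot: An `Origin: null` header defeats the new fallback in `http_origin = http_origin or http_referer`, because the string `null` is truthy, so the Referer is never consulted and `urlparse('null').netloc` is empty, leaving `error_origin` blank. Browsers send that value for opaque origins such as sandboxed frames, which is a plausible situation around a CSRF failure. Consider replacing the `or` with `if not http_origin or http_origin == 'null': http_origin = http_referer`. Both headers are request-controlled and `netloc` keeps any `user:pass@` part, so `error_origin` is only safe as an escaped display hint and should be checked before anyone copies it into a trusted-origins setting; how the template renders it is not visible here. The enclosing method starts above the hunk.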
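Review bot: The added `&admin=1` in `login_url` carries no comment, and nothing in this patch shows what the login view does with that flag. Please add a line above it such as `# admin=1: <reason the login page needs this flag after a CSRF failure>`. Because any client can set a query parameter, whatever reads `admin` should treat it as a display switch only, never as evidence of privilege. The `reason` argument is still unused in `csrf_failure`; logging it would help when diagnosing or monitoring these rejections.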