mirror of
https://github.com/esphome/esphome.git
synced 2024-11-28 17:54:13 +01:00
Require xsrf/csrf when using a password (#6396)
parent
61f11386a9
commit
9b7438a56d
2 changed files with 7 additions and 1 deletions
|
@ -688,6 +688,11 @@ class MainRequestHandler(BaseHandler):
|
||||||
@authenticated
|
@authenticated
|
||||||
def get(self) -> None:
|
def get(self) -> None:
|
||||||
begin = bool(self.get_argument("begin", False))
|
begin = bool(self.get_argument("begin", False))
|
||||||
|
if settings.using_password:
|
||||||
|
# Simply accessing the xsrf_token sets the cookie for us
|
||||||
|
self.xsrf_token # pylint: disable=pointless-statement
|
||||||
|
else:
|
||||||
|
self.clear_cookie("_xsrf")
|
||||||
|
|
||||||
self.render(
|
self.render(
|
||||||
"index.template.html",
|
"index.template.html",
|
||||||
|
@ -1102,6 +1107,7 @@ def make_app(debug=get_bool_env(ENV_DEV)) -> tornado.web.Application:
|
||||||
"log_function": log_function,
|
"log_function": log_function,
|
||||||
"websocket_ping_interval": 30.0,
|
"websocket_ping_interval": 30.0,
|
||||||
"template_path": get_base_frontend_path(),
|
"template_path": get_base_frontend_path(),
|
||||||
|
"xsrf_cookies": settings.using_password,
|
||||||
}
|
}
|
||||||
rel = settings.relative_url
|
rel = settings.relative_url
|
||||||
return tornado.web.Application(
|
return tornado.web.Application(
|
||||||
|
|
|
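Review bot: In the `make_app` hunk, `"xsrf_cookies": settings.using_password` is read once when the settings dict is built, while `MainRequestHandler.get` re-reads `settings.using_password` on every request, so the two can disagree if the password setting ever changes after the application is constructed. A comment such as `# evaluated once at startup; must stay in sync with the per-request check in MainRequestHandler.get` would make that coupling explicit. The token cookie is only set from this `@authenticated` handler, so it is worth confirming that the login POST, which presumably also falls under Tornado's XSRF check once the setting is on, receives a token from its own template (not visible here). With no password the check stays off and `_xsrf` is cleared, which appears to leave state-changing POST handlers without any cross-site request protection; if that is a deliberate trade-off, it should be stated next to the setting. Both `get` and `make_app` continue outside the hunks shown.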
@ -12,7 +12,7 @@ pyserial==3.5
|
||||||
platformio==6.1.13 # When updating platformio, also update Dockerfile
|
platformio==6.1.13 # When updating platformio, also update Dockerfile
|
||||||
esptool==4.7.0
|
esptool==4.7.0
|
||||||
click==8.1.7
|
click==8.1.7
|
||||||
esphome-dashboard==20231107.0
|
esphome-dashboard==20240319.0
|
||||||
aioesphomeapi==23.1.1
|
aioesphomeapi==23.1.1
|
||||||
zeroconf==0.131.0
|
zeroconf==0.131.0
|
||||||
python-magic==0.4.27
|
python-magic==0.4.27
|
||||||
|
|