mirror of
https://github.com/esphome/esphome.git
synced 2024-12-22 13:34:54 +01:00
Require xsrf/csrf when using a password (#6396)
This commit is contained in:
parent
a3bd8ad025
commit
c56c40cb82
2 changed files with 7 additions and 1 deletions
|
@ -688,6 +688,11 @@ class MainRequestHandler(BaseHandler):
|
|||
@authenticated
|
||||
def get(self) -> None:
|
||||
begin = bool(self.get_argument("begin", False))
|
||||
if settings.using_password:
|
||||
# Simply accessing the xsrf_token sets the cookie for us
|
||||
self.xsrf_token # pylint: disable=pointless-statement
|
||||
else:
|
||||
self.clear_cookie("_xsrf")
|
||||
|
||||
self.render(
|
||||
"index.template.html",
|
||||
|
@ -1102,6 +1107,7 @@ def make_app(debug=get_bool_env(ENV_DEV)) -> tornado.web.Application:
|
|||
"log_function": log_function,
|
||||
"websocket_ping_interval": 30.0,
|
||||
"template_path": get_base_frontend_path(),
|
||||
"xsrf_cookies": settings.using_password,
|
||||
}
|
||||
rel = settings.relative_url
|
||||
return tornado.web.Application(
|
||||
|
|
|
@ -12,7 +12,7 @@ pyserial==3.5
|
|||
platformio==6.1.13 # When updating platformio, also update Dockerfile
|
||||
esptool==4.7.0
|
||||
click==8.1.7
|
||||
esphome-dashboard==20231107.0
|
||||
esphome-dashboard==20240319.0
|
||||
aioesphomeapi==23.1.1
|
||||
zeroconf==0.131.0
|
||||
python-magic==0.4.27
|
||||
|
|
Loading…
Reference in a new issue