Apply CORS Settings

10sa
2023-02-14 20:05:51 +09:00
parent 9490c898c9
commit 1041fb77f7
2 changed files with 15 additions and 3 deletions


@@ -10,7 +10,8 @@
"rimraf": "^3.0.2", "rimraf": "^3.0.2",
"sharp": "^0.31.3", "sharp": "^0.31.3",
"csrf-csrf": "^2.2.3", "csrf-csrf": "^2.2.3",
"cookie-parser": "^1.4.6" "cookie-parser": "^1.4.6",
"cors": "^2.8.5"
}, },
"name": "TavernAI", "name": "TavernAI",
"version": "1.2.7", "version": "1.2.7",


@@ -17,9 +17,8 @@ sharp.cache(false);
const path = require('path'); const path = require('path');
const cookieParser = require('cookie-parser'); const cookieParser = require('cookie-parser');
const crypto = require('crypto'); const crypto = require('crypto');
const doubleCsrf = require('csrf-csrf').doubleCsrf;
const config = require('./config.json'); const config = require('./config.json');
const server_port = config.port; const server_port = config.port;
@@ -54,6 +53,9 @@ var is_colab = false;
const jsonParser = express.json({limit: '100mb'}); const jsonParser = express.json({limit: '100mb'});
const urlencodedParser = express.urlencoded({extended: true, limit: '100mb'}); const urlencodedParser = express.urlencoded({extended: true, limit: '100mb'});
// CSRF Protection //
const doubleCsrf = require('csrf-csrf').doubleCsrf;
const CSRF_SECRET = crypto.randomBytes(8).toString('hex'); const CSRF_SECRET = crypto.randomBytes(8).toString('hex');
const COOKIES_SECRET = crypto.randomBytes(8).toString('hex'); const COOKIES_SECRET = crypto.randomBytes(8).toString('hex');
@@ -77,6 +79,15 @@ app.get("/csrf-token", (req, res) => {
app.use(cookieParser(COOKIES_SECRET)); app.use(cookieParser(COOKIES_SECRET));
app.use(doubleCsrfProtection); app.use(doubleCsrfProtection);
// CORS Settings //
const cors = require('cors');
const CORS = cors({
origin: 'null',
methods: ['OPTIONS']
})
app.use(CORS);
app.use(function (req, res, next) { //Security app.use(function (req, res, next) { //Security
const clientIp = req.connection.remoteAddress.split(':').pop(); const clientIp = req.connection.remoteAddress.split(':').pop();
if (whitelistMode === true && !whitelist.includes(clientIp)) { if (whitelistMode === true && !whitelist.includes(clientIp)) {
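Review bot: `origin: 'null'` in the new `cors({...})` options does not switch cross-origin access off: the cors package treats a string as a fixed origin and sends `Access-Control-Allow-Origin: null`, which matches the `Origin: null` that browsers send from opaque origins such as sandboxed iframes and `data:` documents, so those contexts are permitted to read responses. If the intent is to refuse cross-origin reads, use `origin: false` (the middleware then emits no CORS headers), or list the specific trusted origins instead. `methods: ['OPTIONS']` only shapes the preflight answer and does not restrict simple GET/POST requests, so it should not be relied on as a block. Separately, `app.use(CORS)` is registered before the IP whitelist middleware and cors answers preflight requests itself by default, so OPTIONS requests are answered without the whitelist check; registering it after that middleware would keep the whitelist first.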