Add opt-in CORS bypass endpoint
parent
0410540066
commit
b24d4f2340
|
@ -11,6 +11,7 @@ const allowKeysExposure = false; // If true, private API keys could be fetched t
|
|||
const skipContentCheck = false; // If true, no new default content will be delivered to you.
|
||||
const thumbnailsQuality = 95; // Quality of thumbnails. 0-100
|
||||
const disableChatBackup = false; // Disables the backup of chat logs to the /backups folder
|
||||
const enableCorsProxy = false; // Enables the CORS proxy for the frontend
|
||||
|
||||
// If true, Allows insecure settings for listen, whitelist, and authentication.
|
||||
// Change this setting only on "trusted networks". Do not change this value unless you are aware of the issues that can arise from changing this setting and configuring a insecure setting.
|
||||
|
|
45
server.js
45
server.js
|
@ -76,8 +76,11 @@ const cliArguments = yargs(hideBin(process.argv))
|
|||
type: 'boolean',
|
||||
default: null,
|
||||
describe: 'Automatically launch SillyTavern in the browser.'
|
||||
})
|
||||
.option('disableCsrf', {
|
||||
}).option('corsProxy', {
|
||||
type: 'boolean',
|
||||
default: false,
|
||||
describe: 'Enables CORS proxy',
|
||||
}).option('disableCsrf', {
|
||||
type: 'boolean',
|
||||
default: false,
|
||||
describe: 'Disables CSRF protection'
|
||||
|
@ -319,6 +322,44 @@ app.use(function (req, res, next) {
|
|||
next();
|
||||
});
|
||||
|
||||
if (config.enableCorsProxy === true || cliArguments.corsProxy === true) {
|
||||
console.log('Enabling CORS proxy');
|
||||
|
||||
app.use('/proxy/:url', async (req, res) => {
|
||||
const url = req.params.url; // get the url from the request path
|
||||
|
||||
// Disallow circular requests
|
||||
const serverUrl = req.protocol + '://' + req.get('host');
|
||||
if (url.startsWith(serverUrl)) {
|
||||
return res.status(400).send('Circular requests are not allowed');
|
||||
}
|
||||
|
||||
try {
|
||||
const headers = JSON.parse(JSON.stringify(req.headers));
|
||||
delete headers['x-csrf-token'];
|
||||
delete headers['host'];
|
||||
delete headers['referer'];
|
||||
delete headers['origin'];
|
||||
delete headers['cookie'];
|
||||
delete headers['sec-fetch-mode'];
|
||||
delete headers['sec-fetch-site'];
|
||||
delete headers['sec-fetch-dest'];
|
||||
|
||||
const bodyMethods = ['POST', 'PUT', 'PATCH'];
|
||||
|
||||
const response = await fetch(url, {
|
||||
method: req.method,
|
||||
headers: headers,
|
||||
body: bodyMethods.includes(req.method) ? JSON.stringify(req.body) : undefined,
|
||||
});
|
||||
|
||||
response.body.pipe(res); // pipe the response to the proxy response
|
||||
|
||||
} catch (error) {
|
||||
res.status(500).send('Error occurred while trying to proxy to: ' + url + ' ' + error);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
app.use(express.static(process.cwd() + "/public", {}));
|
||||
|
||||
|
|
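Review bot: The `/proxy/:url` handler passes `req.params.url` to `fetch` after only a string-prefix comparison with `req.protocol + '://' + req.get('host')`. Once the option is enabled, any client that can reach this server can have it issue requests to arbitrary hosts, including ones reachable only from the server's own network, and the prefix is built from the request's own Host header, so it does not identify the server under its other names. I would parse the value with `new URL`, accept only `http:` and `https:`, compare the parsed host, and check it against an operator-configured allowlist of upstream hosts. The copied headers drop `cookie` and `x-csrf-token` but keep `authorization`, which would presumably forward this server's basic-auth credentials upstream when authentication is on. The 500 response also echoes `url` through `res.send`, which Express serves as HTML for a string body, so it should be sent as plain text with the detail logged server-side.

```javascript
app.use('/proxy/:url', async (req, res) => {
    // … unchanged: const url = req.params.url …

    let target;
    try {
        target = new URL(url);
    } catch (err) {
        return res.status(400).type('text/plain').send('Invalid proxy URL');
    }
    if (target.protocol !== 'http:' && target.protocol !== 'https:') {
        return res.status(400).type('text/plain').send('Only http and https URLs can be proxied');
    }
    // Compare parsed hosts rather than string prefixes; an operator-configured
    // allowlist of upstream hosts should be checked here as well.
    if (target.host === req.get('host')) {
        return res.status(400).send('Circular requests are not allowed');
    }

    try {
        // … unchanged: header copy and existing deletes …
        delete headers['authorization'];

        // … unchanged: fetch and pipe to res …
    } catch (error) {
        console.error('CORS proxy request failed', error);
        res.status(500).type('text/plain').send('Error occurred while trying to proxy the request');
    }
```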