Add hidden setting to allow foreign post requests

See #55 Signed-off-by: Jesús <heckyel@hyperbola.info>
2021-03-08 21:33:23 -08:00 · 2021-03-08 21:33:23 -08:00 · 585d724564
commit 585d724564
parent e549b5f67c
2 changed files with 12 additions and 1 deletions
--- a/server.py
+++ b/server.py
@ -204,7 +204,9 @@ def site_dispatch(env, start_response):
        method = env['REQUEST_METHOD']
        path = env['PATH_INFO']

-        if method == "POST" and client_address not in ('127.0.0.1', '::1'):
+        if (method == "POST"
+                and client_address not in ('127.0.0.1', '::1')
+                and not settings.allow_foreign_post_requests):
            yield error_code('403 Forbidden', start_response)
            return

--- a/settings.py
+++ b/settings.py
@ -53,6 +53,15 @@ For security reasons, enabling this is not recommended.''',
        'category': 'network',
    }),

+    ('allow_foreign_post_requests', {
+        'type': bool,
+        'default': False,
+        'comment': '''Enables requests from foreign addresses to make post requests.
+For security reasons, enabling this is not recommended.''',
+        'hidden': True,
+        'category': 'network',
+    }),
+
    ('subtitles_mode', {
        'type': int,
        'default': 0,