2024-03-13 13:50:57 +00:00
|
|
|
|
# coding=utf-8
|
|
|
|
|
|
"""
|
|
|
|
|
|
@project: maxkb
|
|
|
|
|
|
@Author:虎
|
|
|
|
|
|
@file: static_headers_middleware.py
|
|
|
|
|
|
@date:2024/3/13 18:26
|
|
|
|
|
|
@desc:
|
|
|
|
|
|
"""
|
|
|
|
|
|
from django.db.models import QuerySet
|
|
|
|
|
|
from django.utils.deprecation import MiddlewareMixin
|
|
|
|
|
|
|
|
|
|
|
|
from application.models.api_key_model import ApplicationAccessToken
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class StaticHeadersMiddleware(MiddlewareMixin):
|
|
|
|
|
|
def process_response(self, request, response):
|
|
|
|
|
|
if request.path.startswith('/ui/chat/'):
|
|
|
|
|
|
access_token = request.path.replace('/ui/chat/', '')
|
|
|
|
|
|
application_access_token = QuerySet(ApplicationAccessToken).filter(access_token=access_token).first()
|
2024-03-14 06:30:50 +00:00
|
|
|
|
if application_access_token is not None and application_access_token.white_active:
|
2024-03-13 13:50:57 +00:00
|
|
|
|
# 添加自定义的响应头
|
|
|
|
|
|
response['Content-Security-Policy'] = f'frame-ancestors {" ".join(application_access_token.white_list)}'
|
|
|
|
|
|
return response
|
