CyberCP/csrfMiddleware.py

# -*- coding: utf-8 -*-
"""
Custom CSRF middleware that exempts /phpmyadmin/ and /snappymail/ so their
PHP sign-in forms (POST) do not get 403 CSRF verification failed.
"""
from django.middleware.csrf import CsrfViewMiddleware


class CsrfExemptPhpMyAdminMiddleware(CsrfViewMiddleware):
    """CSRF middleware that skips verification for phpMyAdmin and SnappyMail paths."""

    EXEMPT_PREFIXES = ('/phpmyadmin/', '/snappymail/')

    def process_view(self, request, callback, callback_args, callback_kwargs):
        if request.path.startswith(self.EXEMPT_PREFIXES):
            return None  # Skip CSRF check
        return super().process_view(request, callback, callback_args, callback_kwargs)
v2.5.5-dev: phpMyAdmin CSRF exempt, login error handling, phpMyAdmin install script - urls.py: serve_phpmyadmin with @csrf_exempt for sign-in POST - loginSystem/views.py: loadLoginPage error handling; friendly 503 on DB access denied - csrfMiddleware.py: optional path-based CSRF exempt for /phpmyadmin/, /snappymail/ - fix-phpmyadmin-install.sh: install/fix phpMyAdmin under public/phpmyadmin (signin + config) 2026-02-17 00:57:19 +01:00			`# -- coding: utf-8 --`
			`"""`
			`Custom CSRF middleware that exempts /phpmyadmin/ and /snappymail/ so their`
			`PHP sign-in forms (POST) do not get 403 CSRF verification failed.`
			`"""`
			`from django.middleware.csrf import CsrfViewMiddleware`


			`class CsrfExemptPhpMyAdminMiddleware(CsrfViewMiddleware):`
			`"""CSRF middleware that skips verification for phpMyAdmin and SnappyMail paths."""`

			`EXEMPT_PREFIXES = ('/phpmyadmin/', '/snappymail/')`

			`def process_view(self, request, callback, callback_args, callback_kwargs):`
			`if request.path.startswith(self.EXEMPT_PREFIXES):`
			`return None # Skip CSRF check`
			`return super().process_view(request, callback, callback_args, callback_kwargs)`