mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2026-02-27 17:00:45 +01:00
adc2de08b8
- urls.py: serve_phpmyadmin with @csrf_exempt for sign-in POST - loginSystem/views.py: loadLoginPage error handling; friendly 503 on DB access denied - csrfMiddleware.py: optional path-based CSRF exempt for /phpmyadmin/, /snappymail/ - fix-phpmyadmin-install.sh: install/fix phpMyAdmin under public/phpmyadmin (signin + config)
18 lines
698 B
Python
18 lines
698 B
Python
# -*- coding: utf-8 -*-
|
|
"""
|
|
Custom CSRF middleware that exempts /phpmyadmin/ and /snappymail/ so their
|
|
PHP sign-in forms (POST) do not get 403 CSRF verification failed.
|
|
"""
|
|
from django.middleware.csrf import CsrfViewMiddleware
|
|
|
|
|
|
class CsrfExemptPhpMyAdminMiddleware(CsrfViewMiddleware):
|
|
"""CSRF middleware that skips verification for phpMyAdmin and SnappyMail paths."""
|
|
|
|
EXEMPT_PREFIXES = ('/phpmyadmin/', '/snappymail/')
|
|
|
|
def process_view(self, request, callback, callback_args, callback_kwargs):
|
|
if request.path.startswith(self.EXEMPT_PREFIXES):
|
|
return None # Skip CSRF check
|
|
return super().process_view(request, callback, callback_args, callback_kwargs)
|