来自127.0.0.1的http api请求开启secret校验

防止http代理越过鉴权
2026-06-13 03:31:45 +08:00 · 2023-07-27 15:42:53 +08:00
parent c1f6517471
commit 2c8a46862b
2 changed files with 44 additions and 46 deletions
--- a/server/WebApi.h
+++ b/server/WebApi.h
@@ -229,11 +229,9 @@ bool checkArgs(Args &args, const First &first, const KeyTypes &...keys) {
        if (!HttpFileManager::isIPAllowed(ip)) { \
            throw AuthException("Your ip is not allowed to access the service."); \
        } \
-        if (ip != "127.0.0.1") { \
-            CHECK_ARGS("secret"); \
-            if (api_secret != allArgs["secret"]) { \
-                throw AuthException("secret错误"); \
-            } \
+        CHECK_ARGS("secret"); \
+        if (api_secret != allArgs["secret"]) { \
+            throw AuthException("secret错误"); \
        } \
    } while(false);