zmiany w acl

2025-05-13 08:21:44 +02:00
parent 3d54f95a01
commit 1a62bbae2a
2 changed files with 53 additions and 30 deletions
--- a/app.py
+++ b/app.py
@ -328,20 +328,56 @@ def create_admin_account():
        db.session.add(main_admin)
        db.session.commit()

+
@app.after_request
-def add_security_headers(response):
+def apply_headers(response):
+    gc = get_global_config()
+
+    custom_headers = app.config.get("ADD_HEADERS", {})
+    if isinstance(custom_headers, dict):
+        for header, value in custom_headers.items():
+            response.headers[header] = str(value)
+
+    if response.status_code in (301, 302, 303, 307, 308):
+        response.headers.pop("Vary", None)
+        return response
+
+    if request.endpoint == 'robots':
+        return response
+
+    if 400 <= response.status_code < 500:
+        response.headers["Cache-Control"] = "no-store"
+        response.headers["Content-Type"] = "text/html; charset=utf-8"
+        response.headers.pop("Vary", None)
+
+    elif 500 <= response.status_code < 600:
+        response.headers["Cache-Control"] = "no-store"
+        response.headers["Content-Type"] = "text/html; charset=utf-8"
+        response.headers["Retry-After"] = "120"
+        response.headers.pop("Vary", None)
+
+    elif request.path.startswith("/admin"):
+        response.headers.pop("Vary", None)
+        response.headers["Cache-Control"] = "no-store, no-cache, must-revalidate, max-age=0"
+
+    else:
+        response.headers["Vary"] = "Cookie, Accept-Encoding"
+        cache_control_value = getattr(gc, "cache_control", None) or "private, max-age=0"
+        response.headers["Cache-Control"] = cache_control_value
+
    if app.config.get("BLOCK_BOTS", False):
-        cache_control = app.config.get("CACHE_CONTROL_HEADER")
-        if cache_control:
-            response.headers["Cache-Control"] = cache_control
-            # Jeśli Cache-Control jest ustawiony, usuwamy Pragma
+        cc = app.config.get("CACHE_CONTROL_HEADER")
+        if cc:
+            response.headers["Cache-Control"] = cc
            response.headers.pop("Pragma", None)
        else:
            response.headers["Cache-Control"] = "no-store, no-cache, must-revalidate, max-age=0"
            response.headers["Pragma"] = app.config.get("PRAGMA_HEADER", "no-cache")
        response.headers["X-Robots-Tag"] = app.config.get("ROBOTS_TAG", "noindex, nofollow, nosnippet, noarchive")
+
    return response

+
@app.route('/admin/settings', methods=['GET', 'POST'])
@login_required
 def admin_settings():
@ -396,28 +432,6 @@ def robots():
        robots_txt = "User-agent: *\nAllow: /"
    return robots_txt, 200, {'Content-Type': 'text/plain'}

-@app.route('/debug/headers')
-def debug_headers():
-    ip_sources = {
-        "CF-Connecting-IP": request.headers.get("CF-Connecting-IP"),
-        "X-Real-IP": request.headers.get("X-Real-IP"),
-        "X-Forwarded-For": request.headers.get("X-Forwarded-For"),
-        "remote_addr": request.remote_addr,
-    }
-    
-    all_headers = dict(request.headers)
-    
-    response_html = "<h2>Nagłówki IP</h2><ul>"
-    for key, val in ip_sources.items():
-        response_html += f"<li><strong>{key}:</strong> {val}</li>"
-    response_html += "</ul><hr><h2>Wszystkie nagłówki</h2><ul>"
-    
-    for key, val in all_headers.items():
-        response_html += f"<li><strong>{key}:</strong> {val}</li>"
-    response_html += "</ul>"
-    
-    return response_html
-

 if __name__ == '__main__':
    with app.app_context():