fix:docker
This commit is contained in:
@@ -3,7 +3,7 @@
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<link rel="manifest" href="manifest.json" />
|
||||
<link rel="manifest" href="/manifest.json" />
|
||||
%sveltekit.head%
|
||||
</head>
|
||||
<body data-sveltekit-preload-data="hover">
|
||||
|
||||
@@ -9,8 +9,13 @@ export const handle: Handle = async ({ event, resolve }) => {
|
||||
// Skip CSRF check for GET/HEAD requests
|
||||
if (method !== 'GET' && method !== 'HEAD') {
|
||||
// For development, allow requests without origin header or from localhost
|
||||
if (!origin || origin.includes('localhost') || origin.includes('127.0.0.1')) {
|
||||
// Allow in development
|
||||
if (
|
||||
!origin ||
|
||||
origin.includes('localhost') ||
|
||||
origin.includes('127.0.0.1') ||
|
||||
origin.includes('demo.ziasvannes.tech')
|
||||
) {
|
||||
// Allow in development and demo
|
||||
}
|
||||
// In production, you would add: else if (origin !== 'yourdomain.com') { return new Response('Forbidden', { status: 403 }); }
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user