Home Explore Help
Sign In
AI
/
new-api
mirror of https://github.com/QuantumNous/new-api.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

fix: only enable cors for relay routers to avoid csrf attack

JustSong 2 years ago
parent
0d50ad4b2b
commit
25c4c111ab
2 changed files with 1 additions and 2 deletions
Split View Show Diff Stats
  1. 0 2
      main.go
  2. 1 0
      router/relay-router.go

+ 0 - 2
main.go
View File 

@@ -7,7 +7,6 @@ import (
 
 	"github.com/gin-gonic/gin"
 
 	"one-api/common"
 
 	"one-api/controller"
 
-	"one-api/middleware"
 
 	"one-api/model"
 
 	"one-api/router"
 
 	"os"
 
@@ -88,7 +87,6 @@ func main() {
 
 	server := gin.Default()
 
 	// This will cause SSE not to work!!!
 
 	//server.Use(gzip.Gzip(gzip.DefaultCompression))
 
-	server.Use(middleware.CORS())
 
 
 	// Initialize session store
 
 	store := cookie.NewStore([]byte(common.SessionSecret))

+ 1 - 0
router/relay-router.go
View File 

@@ -8,6 +8,7 @@ import (
 
 )
 
 
 func SetRelayRouter(router *gin.Engine) {
 
+	router.Use(middleware.CORS())
 
 	// https://platform.openai.com/docs/api-reference/introduction
 
 	modelsRouter := router.Group("/v1/models")
 
 	modelsRouter.Use(middleware.TokenAuth())