From b6f25b5f3c694897a984956e9ff3d1d6fe394bc7 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Wed, 27 May 2026 17:20:09 +0800
Subject: [PATCH] fix: Change lang failed (#16861)
Co-authored-by: wangruidong <940853815@qq.com>
---
 apps/jumpserver/middleware.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/apps/jumpserver/middleware.py b/apps/jumpserver/middleware.py
index 54bb886dd..0b525f021 100644
--- a/apps/jumpserver/middleware.py
+++ b/apps/jumpserver/middleware.py
@@ -10,8 +10,8 @@ import pytz
 from django.conf import settings
 from django.core.exceptions import MiddlewareNotUsed
 from django.db.utils import OperationalError
-from django.middleware.csrf import CsrfViewMiddleware
 from django.http.response import HttpResponseForbidden, JsonResponse
+from django.middleware.csrf import CsrfViewMiddleware
 from django.shortcuts import HttpResponse
 from django.shortcuts import redirect
 from django.urls import reverse
@@ -19,7 +19,6 @@ from django.utils import timezone
 from rest_framework import status
 from .utils import set_current_request
-from common.utils.common import text_hmac_sha256
 IGNORE_CSRF_CHECK = '*' in os.getenv("DOMAINS", "").split(',')
@@ -184,6 +183,8 @@ class SafeRedirectMiddleware:
 return response
 target_host, target_port = self._split_host_port(parsed.netloc)
 origin_host, origin_port = self._split_host_port(request.get_host())
+ if self.check_proxy_origin_verified(request, origin_host):
+ return response
 if target_host != origin_host:
 safe_redirect_url = '%s?%s' % (reverse('redirect-confirm'), f'next={quote(location)}')
 return redirect(safe_redirect_url)
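Review bot: The early `return response` added just before the `target_host != origin_host` comparison skips the redirect confirmation for every target whenever `check_proxy_origin_verified` returns True, and that helper (added in the `@@ -196,6 +197,12 @@` hunk) never looks at the redirect target. With `USE_X_FORWARDED_HOST` enabled, Django's `request.get_host()` already returns the `X-Forwarded-Host` value, so `proxy_host == origin_host` compares the header with itself and holds for any request that carries it; the external-redirect confirmation then appears to be switched off behind a proxy. Because `origin_host` is already the forwarded host in that configuration, the existing comparison covers the proxy case, so I would drop the bypass and instead exempt specific targets inside the mismatch branch, e.g. `if target_host != origin_host and target_host not in trusted_hosts:` with `trusted_hosts` taken from explicit configuration. The header is also client-supplied unless the front proxy overwrites it, so its presence alone should not widen what is allowed. The enclosing method starts above this hunk.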
@@ -196,6 +197,12 @@ class SafeRedirectMiddleware:
 return host, port
 return netloc, '80'
+ def check_proxy_origin_verified(self, request, origin_host):
+ if settings.USE_X_FORWARDED_HOST and ("HTTP_X_FORWARDED_HOST" in request.META):
+ proxy_host, proxy_port = self._split_host_port(request.META["HTTP_X_FORWARDED_HOST"])
+ return proxy_host == origin_host
+ return False
+
 class CsrfCheckMiddleware(CsrfViewMiddleware):
 def _origin_verified(self, request):
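Review bot: `check_proxy_origin_verified` has no docstring, and its name promises a verification the body does not perform: it only checks that the `X-Forwarded-Host` header names the same host as `origin_host`, and the port is discarded. I would add a docstring such as `"""Return True if X-Forwarded-Host (read only when USE_X_FORWARDED_HOST is set) names the same host as origin_host; the header value is trusted as sent."""` so the trust assumption is visible to whoever reads the call site. `proxy_port` is never read, so `proxy_host, _ = self._split_host_port(...)` states that intent. The header can carry a comma-separated list when several proxies append to it, and the visible tail of `_split_host_port` does not suggest it separates such a list; whether that occurs depends on the deployment.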