添加认证依赖和请求频率限制模块，增强安全性和防止API滥用

2025-12-14 19:39:56 +08:00
parent 071bf96e85
commit ea420f9f59
12 changed files with 509 additions and 55 deletions
--- a/src/webui/webui_server.py
+++ b/src/webui/webui_server.py
@@ -44,8 +44,15 @@ class WebUIServer:
                "http://127.0.0.1:8001",
            ],
            allow_credentials=True,  # 允许携带 Cookie
-            allow_methods=["*"],
-            allow_headers=["*"],
+            allow_methods=["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],  # 明确指定允许的方法
+            allow_headers=[
+                "Content-Type",
+                "Authorization",
+                "Accept",
+                "Origin",
+                "X-Requested-With",
+            ],  # 明确指定允许的头
+            expose_headers=["Content-Length", "Content-Type"],  # 允许前端读取的响应头
        )
        logger.debug("✅ CORS 中间件已配置")