Prevent replay attacks with TLS1.3 0-RTT
parent
40c4a4413d
commit
4e445a7207
1 changed files with 10 additions and 1 deletions
11
app/main.py
11
app/main.py
|
@ -8,6 +8,7 @@ from typing import Any
|
|||
from typing import MutableMapping
|
||||
from typing import Type
|
||||
|
||||
import fastapi
|
||||
import httpx
|
||||
import starlette
|
||||
from asgiref.typing import ASGI3Application
|
||||
|
@ -165,7 +166,15 @@ class CustomMiddleware:
|
|||
return None
|
||||
|
||||
|
||||
app = FastAPI(docs_url=None, redoc_url=None)
|
||||
def _check_0rtt_early_data(request: Request) -> None:
|
||||
"""Disable TLS1.3 0-RTT requests for non-GET."""
|
||||
if request.headers.get("Early-Data", None) == "1" and request.method != "GET":
|
||||
raise fastapi.HTTPException(status_code=425, detail="Too early")
|
||||
|
||||
|
||||
app = FastAPI(
|
||||
docs_url=None, redoc_url=None, dependencies=[Depends(_check_0rtt_early_data)]
|
||||
)
|
||||
app.mount(
|
||||
"/custom_emoji",
|
||||
StaticFiles(directory="data/custom_emoji"),
|
||||
|
|
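Review bot: `_check_0rtt_early_data` only has an effect when the TLS-terminating proxy in front of the app sets `Early-Data: 1` on requests it accepted as 0-RTT early data (RFC 8470); nothing on this page establishes that, and without it the dependency silently passes every request. The docstring should state that assumption, for example `"""Reject non-GET requests the front proxy flagged as TLS 1.3 early data (Early-Data: 1, RFC 8470); requires the proxy to set that header."""`. The method test `request.method != "GET"` also answers 425 to HEAD and OPTIONS, which are safe methods; `request.method not in ("GET", "HEAD", "OPTIONS")` would keep them working. Any GET route that changes state would presumably still be replayable, so that is worth confirming against the route list, which is not visible here.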