Skip to content

Commit

Permalink
fix: only enable cors for relay routers to avoid csrf attack
Browse files Browse the repository at this point in the history
  • Loading branch information
songquanpeng committed Sep 17, 2023
1 parent 0d50ad4 commit 25c4c11
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 2 deletions.
2 changes: 0 additions & 2 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ import (
"github.com/gin-gonic/gin"
"one-api/common"
"one-api/controller"
"one-api/middleware"
"one-api/model"
"one-api/router"
"os"
Expand Down Expand Up @@ -88,7 +87,6 @@ func main() {
server := gin.Default()
// This will cause SSE not to work!!!
//server.Use(gzip.Gzip(gzip.DefaultCompression))
server.Use(middleware.CORS())

// Initialize session store
store := cookie.NewStore([]byte(common.SessionSecret))
Expand Down
1 change: 1 addition & 0 deletions router/relay-router.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
)

func SetRelayRouter(router *gin.Engine) {
router.Use(middleware.CORS())
// https://platform.openai.com/docs/api-reference/introduction
modelsRouter := router.Group("/v1/models")
modelsRouter.Use(middleware.TokenAuth())
Expand Down

0 comments on commit 25c4c11

Please sign in to comment.