Restrict /api/config/raw to admin role to prevent credential leak to non-admin users (#22523)

Josh Hawkins 2026-03-18 17:14:59 -05:00 committed by GitHub
parent ae9b307dfc
commit e78da2758d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 1 additions and 2 deletions


@ -218,7 +218,7 @@ def config_raw_paths(request: Request):
return JSONResponse(content=raw_paths) return JSONResponse(content=raw_paths)
@router.get("/config/raw", dependencies=[Depends(allow_any_authenticated())]) @router.get("/config/raw", dependencies=[Depends(require_role(["admin"]))])
def config_raw(): def config_raw():
config_file = find_config_file() config_file = find_config_file()
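Review bot: Nothing in this commit pins the new restriction on `/config/raw` with a test, so a later edit to the decorator or to the path list in `require_admin_by_default()` could reopen the endpoint unnoticed; a regression test asserting that an authenticated non-admin request to `/api/config/raw` is rejected would guard it. The reason for the stricter role is also not stated at the route, so I would add `# Admin only: the raw config file can contain credentials; do not relax to allow_any_authenticated().` above the decorator. `"/config"` stays in the list touched in the other file, and `config_raw_paths` sits directly above this route with its decorator outside the hunk, so it is worth confirming that both return only redacted data to non-admin roles. `config_raw`'s body continues outside the hunk.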


@ -67,7 +67,6 @@ def require_admin_by_default():
"/stats", "/stats",
"/stats/history", "/stats/history",
"/config", "/config",
"/config/raw",
"/vainfo", "/vainfo",
"/nvinfo", "/nvinfo",
"/labels", "/labels",