[Update] 검증 진행 로직 변경 및 csrf 로직 변경

2026-06-04 06:41:52 +09:00 · 2025-07-02 11:40:29 +09:00 · 2025-07-02 11:40:29 +09:00 · a1758a60d4
commit a1758a60d4
parent 4758d7a689
3 changed files with 8 additions and 4 deletions
--- a/addon/csrf_check.py
+++ b/addon/csrf_check.py
@ -9,7 +9,7 @@ from lib.utils.is_oauth_uri import is_oauth_uri

 class CsrfChecker:
    nonce_params = {
-        "state", "nonce", "as", "frame_id", "csrf_token", "csrf"
+        "state", "nonce", "csrf_token", "csrf"
    }

    def get_header(self, headers: http.Headers, name: str) -> Optional[str]:
--- a/addon/init.py
+++ b/addon/init.py
@ -38,6 +38,8 @@ class AddonBase:
            ".googlesyndication.com",
            "cdn.jsdelivr.net",
            "update.googleapis.com",
+            ".google-analytics.com",
+            ".gstatic.com"
        ]
        # Ignore .googleapis.com domains
        for domain in ignore_domains:
@ -62,11 +64,13 @@ class AddonBase:


    async def request(self, flow: http.HTTPFlow):
-        if false_true_varifing_task.is_verifing_false_true() or self.should_ignore(flow):
+        if self.google_login_hint:
+            await try_catch(self.google_login_hint.request(flow))
+            
+        if false_true_varifing_task.is_verifing_false_true():
            return
            
        tasks = [
-            try_catch(self.google_login_hint.request(flow)) if self.google_login_hint else None,
            try_catch(PKCEDowngradeChecker().test(flow)),
        ]
        await asyncio.gather(*tasks)