| 916 | master: mitmproxy.tools.web.master.WebMaster |
| 917 | |
| 918 | def __init__( |
| 919 | self, master: mitmproxy.tools.web.master.WebMaster, debug: bool |
| 920 | ) -> None: |
| 921 | self.master = master |
| 922 | auth_addon: WebAuth = master.addons.get("webauth") |
| 923 | super().__init__( |
| 924 | handlers=handlers, # type: ignore # https://github.com/tornadoweb/tornado/pull/3455 |
| 925 | template_path=os.path.join(os.path.dirname(__file__), "templates"), |
| 926 | static_path=os.path.join(os.path.dirname(__file__), "static"), |
| 927 | xsrf_cookies=True, |
| 928 | # https://github.com/mitmproxy/mitmproxy/issues/8194 |
| 929 | # 2026-05: We can move back to the default cookie name in a few years. |
| 930 | xsrf_cookie_name="_mitmproxy_xsrf", |
| 931 | xsrf_cookie_kwargs=dict(samesite="Strict"), |
| 932 | cookie_secret=secrets.token_bytes(32), |
| 933 | debug=debug, |
| 934 | autoreload=False, |
| 935 | transforms=[GZipContentAndFlowFiles], |
| 936 | is_valid_password=auth_addon.is_valid_password, |
| 937 | auth_cookie_name=auth_addon.auth_cookie_name, |
| 938 | compiled_template_cache=False, # Vite |
| 939 | ) |