Update app.py

app.py

@@ -148,7 +148,12 @@ for db in DATABASES:
 DATABASE_NEW = 'data_gc.db'
 
 
-
+# Функция для проверки заголовка Origin
+def check_origin():
+    origin = request.headers.get('Origin')
+    if origin != ALLOWED_ORIGIN:
+        return jsonify({"error": "Unauthorized access"}), 403
+    return None
 # Пример данных настроек
 api_key_sys_ser = ''
 ALLOWED_ORIGIN = ''
@@ -202,10 +207,20 @@ def save_settings(settings_dict):
 
 @app.route('/settings', methods=['GET'])
 def get_settings():
+    # Проверка заголовка Origin
+    origin_check = check_origin()
+    if origin_check:
+        return origin_check
+
     return jsonify(settings)
 
 @app.route('/settings', methods=['POST'])
 def save_settings_route():
+    # Проверка заголовка Origin
+    origin_check = check_origin()
+    if origin_check:
+        return origin_check
+
     data = request.json
     if data:
         for key, value in data.items():
@@ -215,7 +230,6 @@ def save_settings_route():
         return jsonify({'status': 'success'})
     else:
         return jsonify({'status': 'error', 'message': 'No data provided'}), 400
-
 @app.route('/set')
 def index_set():
     return render_template('settings.html')