Merge pull request #1684 from master3395/v2.5.5-dev

V2.5.5 dev

Author: master3395

.DS_Store

@@ -55,13 +55,13 @@ elif grep -q -E "CloudLinux 7|CloudLinux 8" /etc/os-release ; then
   Server_OS="CloudLinux"
 elif grep -q -E "Rocky Linux" /etc/os-release ; then
   Server_OS="RockyLinux"
-elif grep -q -E "Ubuntu 18.04|Ubuntu 20.04|Ubuntu 20.10|Ubuntu 22.04" /etc/os-release ; then
+elif grep -q -E "Ubuntu 18.04|Ubuntu 20.04|Ubuntu 20.10|Ubuntu 22.04|Ubuntu 24.04" /etc/os-release ; then
   Server_OS="Ubuntu"
 elif grep -q -E "openEuler 20.03|openEuler 22.03" /etc/os-release ; then
   Server_OS="openEuler"
 else
   echo -e "Unable to detect your system..."
-  echo -e "\nCyberPanel is supported on x86_64 based Ubuntu 18.04, Ubuntu 20.04, Ubuntu 20.10, Ubuntu 22.04, CentOS 7, CentOS 8, AlmaLinux 8, RockyLinux 8, CloudLinux 7, CloudLinux 8, openEuler 20.03, openEuler 22.03...\n"
+  echo -e "\nCyberPanel is supported on x86_64 based Ubuntu 18.04, Ubuntu 20.04, Ubuntu 20.10, Ubuntu 22.04, Ubuntu 24.04, CentOS 7, CentOS 8, AlmaLinux 8, AlmaLinux 9, AlmaLinux 10, RockyLinux 8, CloudLinux 7, CloudLinux 8, openEuler 20.03, openEuler 22.03...\n"
   exit
 fi
 

CPScripts/mailscannerinstaller.sh

@@ -12,13 +12,13 @@ elif grep -q -E "CloudLinux 7|CloudLinux 8" /etc/os-release ; then
   Server_OS="CloudLinux"
 elif grep -q -E "Rocky Linux" /etc/os-release ; then
   Server_OS="RockyLinux"
-elif grep -q -E "Ubuntu 18.04|Ubuntu 20.04|Ubuntu 20.10|Ubuntu 22.04" /etc/os-release ; then
+elif grep -q -E "Ubuntu 18.04|Ubuntu 20.04|Ubuntu 20.10|Ubuntu 22.04|Ubuntu 24.04" /etc/os-release ; then
   Server_OS="Ubuntu"
 elif grep -q -E "openEuler 20.03|openEuler 22.03" /etc/os-release ; then
   Server_OS="openEuler"
 else
   echo -e "Unable to detect your system..."
-  echo -e "\nCyberPanel is supported on x86_64 based Ubuntu 18.04, Ubuntu 20.04, Ubuntu 20.10, Ubuntu 22.04, CentOS 7, CentOS 8, AlmaLinux 8, RockyLinux 8, CloudLinux 7, CloudLinux 8, openEuler 20.03, openEuler 22.03...\n"
+  echo -e "\nCyberPanel is supported on x86_64 based Ubuntu 18.04, Ubuntu 20.04, Ubuntu 20.10, Ubuntu 22.04, Ubuntu 24.04, CentOS 7, CentOS 8, AlmaLinux 8, AlmaLinux 9, AlmaLinux 10, RockyLinux 8, CloudLinux 7, CloudLinux 8, openEuler 20.03, openEuler 22.03...\n"
   exit
 fi
 

CPScripts/mailscanneruninstaller.sh

@@ -267,7 +267,7 @@ def __call__(self, request):
 
         response['X-XSS-Protection'] = "1; mode=block"
         response['X-Frame-Options'] = "sameorigin"
-        response['Content-Security-Policy'] = "script-src 'self' https://www.jsdelivr.com"
+        response['Content-Security-Policy'] = "script-src 'self' 'unsafe-inline' https://www.jsdelivr.com"
         response['Content-Security-Policy'] = "connect-src *;"
         response['Content-Security-Policy'] = "font-src 'self' 'unsafe-inline' https://www.jsdelivr.com https://fonts.googleapis.com"
         response[

CyberCP/secMiddleware.py

@@ -13,15 +13,15 @@
 import os
 from django.utils.translation import gettext_lazy as _
 
-# Patreon OAuth Configuration for Paid Plugins
-# SECURITY: Environment variables take precedence. Hardcoded values are fallback for this server only.
-# For repository version, use empty defaults and set via environment variables.
-PATREON_CLIENT_ID = os.environ.get('PATREON_CLIENT_ID', 'LFXeXUcfrM8MeVbUcmGbB7BgeJ9RzZi2v_H9wL4d9vG6t1dV4SUnQ4ibn9IYzvt7')
-PATREON_CLIENT_SECRET = os.environ.get('PATREON_CLIENT_SECRET', 'APuJ5qoL3TLFmNnGDVkgl-qr3sCzp2CQsKfslBbp32hhnhlD0y6-ZcSCkb_FaUJv')
+# Patreon OAuth (optional): for paid-plugin verification via Patreon membership.
+# Set these only if you use Patreon-gated plugins; leave unset otherwise.
+# Use environment variables; no defaults so the repo stays generic and safe to push to GitHub.
+PATREON_CLIENT_ID = os.environ.get('PATREON_CLIENT_ID', '')
+PATREON_CLIENT_SECRET = os.environ.get('PATREON_CLIENT_SECRET', '')
 PATREON_CREATOR_ID = os.environ.get('PATREON_CREATOR_ID', '')
-PATREON_MEMBERSHIP_TIER_ID = os.environ.get('PATREON_MEMBERSHIP_TIER_ID', '27789984')  # CyberPanel Paid Plugin tier
-PATREON_CREATOR_ACCESS_TOKEN = os.environ.get('PATREON_CREATOR_ACCESS_TOKEN', 'niAHRiI9SgrRCMmaf5exoXXphy3RWXWsX4kO5Yv9SQI')
-PATREON_CREATOR_REFRESH_TOKEN = os.environ.get('PATREON_CREATOR_REFRESH_TOKEN', 'VZlCQoPwJUr4NLni1N82-K_CpJHTAOYUOCx2PujdjQg')
+PATREON_MEMBERSHIP_TIER_ID = os.environ.get('PATREON_MEMBERSHIP_TIER_ID', '')
+PATREON_CREATOR_ACCESS_TOKEN = os.environ.get('PATREON_CREATOR_ACCESS_TOKEN', '')
+PATREON_CREATOR_REFRESH_TOKEN = os.environ.get('PATREON_CREATOR_REFRESH_TOKEN', '')
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -37,6 +37,22 @@
 
 ALLOWED_HOSTS = ['*']
 
+# When the panel is behind a reverse proxy (e.g. https://panel.example.com -> http://backend:port),
+# the browser sends Origin/Referer with the public domain while the proxy may send Host as the
+# backend address. Django then fails CSRF (Referer vs Host mismatch) and POSTs get 403.
+# Set CSRF_TRUSTED_ORIGINS to your public origin(s) so CSRF passes. Optional; leave unset if
+# you access the panel by IP:port only.
+# Example: export CSRF_TRUSTED_ORIGINS="https://panel.example.com,http://panel.example.com"
+_csrf_origins_env = os.environ.get('CSRF_TRUSTED_ORIGINS', '')
+_csrf_origins_list = [o.strip() for o in _csrf_origins_env.split(',') if o.strip()]
+# Add default trusted origins for common CyberPanel domains
+_default_origins = [
+    'https://cyberpanel.newstargeted.com',
+    'http://cyberpanel.newstargeted.com',
+]
+# Merge environment and default origins, avoiding duplicates
+CSRF_TRUSTED_ORIGINS = list(dict.fromkeys(_csrf_origins_list + _default_origins))
+
 # Application definition
 
 INSTALLED_APPS = [

CyberCP/settings.py

@@ -70,25 +70,25 @@ Fast • Secure • Scalable — Simplify hosting management with style.
 
 | OS family                  | Recommended / Supported |
 | -------------------------- | ----------------------: |
-| Ubuntu 24.04, 22.04, 20.04 |          ✅ Recommended |
+| AlmaLinux 10, 9, 8         |          ✅ Recommended |
+| CentOS 7                   |      ⚠️ Legacy — EOL |
+| CloudLinux 9, 8            |            ✅ Supported |
 | Debian 13, 12, 11          |            ✅ Supported |
-| AlmaLinux 10, 9, 8         |            ✅ Supported |
-| RockyLinux 9, 8            |            ✅ Supported |
 | RHEL 9, 8                  |            ✅ Supported |
-| CloudLinux 9, 8            |            ✅ Supported |
-| CentOS 7                   |      ⚠️ Legacy — EOL |
+| RockyLinux 9, 8            |            ✅ Supported |
+| Ubuntu 24.04, 22.04, 20.04 |          ✅ Recommended |
 
-> CyberPanel targets x86\_64 only. Test the unsupported OS in staging first.
+> **Architectures:** x86_64 (primary), aarch64/ARM64 (supported). AlmaLinux is the recommended RHEL-compatible distribution. Test unsupported OS in staging first.
 
 ---
 
 ## PHP support (short)
 
-* ✅ **Recommended**: PHP 8.5 (beta), 8.4, 8.3, 8.2, 8.1
-* ⚠️ **Legacy**: PHP 8.0, PHP 7.4 (security-only)
-* ❌ **Deprecated**: PHP 7.1, 7.2, 7.3 (no longer installed)
+* ✅ **Recommended**: PHP 8.5, 8.4
+* ⚠️ **Security fixes only**: PHP 8.3, 8.2, 8.1
+* ❌ **EOL / Deprecated**: PHP 8.0, 7.4, 7.1, 7.2, 7.3 (no longer supported)
 
-Third-party repositories (Remi, Ondrej) may provide older or niche versions; verify compatibility before use.
+Third-party repositories may provide older or niche versions; verify compatibility before use. RHEL/Alma/Rocky: [Remi RPM](https://rpms.remirepo.net/). Ubuntu/Debian: [Ondrej PPA](https://launchpad.net/~ondrej/+archive/ubuntu/php). See [php.net/supported-versions](https://www.php.net/supported-versions.php).
 
 ---