GitHub/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-05-27 15:39:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,299 Commits 1 Branch 113 Tags
3ecdae7c92d3d6523302157d90578c3ec501bbf6
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
MHSanaei 3ecdae7c92 fix(csrf): expose token endpoint for SPA pages and fetch it from axios 
The legacy panel pages got their CSRF token from a <meta name="csrf-token">
tag rendered by Go. SPA pages built by Vite don't have that, so every
unsafe (POST/PUT/DELETE) request from them was hitting CSRFMiddleware
with no token and getting 403 — visible as the settings page being
stuck on "Loading…" because POST /panel/setting/all failed.

- web/controller/xui.go: GET /panel/csrf-token returns the session
  token. Lives under the xui group so checkLogin still gates it; the
  CSRFMiddleware on the same group is a no-op for GET.
- frontend/src/api/axios-init.js: cache the token at module scope and
  lazy-fetch it when a non-safe request needs one. Seed from the meta
  tag first when present (legacy compat). On a 403 response, drop the
  cache and retry once — handles the case where a server restart
  rotated the token after the SPA loaded.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-08 13:20:26 +02:00
.github
Revert "Xray Core v26.5.3" buggy version(vless reverse doesn't work)
2026-05-06 08:52:36 +02:00
.vscode
DevTools
2025-10-02 01:47:12 +02:00
config
v2.9.4
2026-05-05 21:31:24 +02:00
database
new: vless reverse
2026-05-05 21:00:03 +02:00
docs/migrations
feat(frontend): Phase 5b — port four shared components to Vue 3
2026-05-08 11:52:52 +02:00
frontend
fix(csrf): expose token endpoint for SPA pages and fetch it from axios
2026-05-08 13:20:26 +02:00
logger
feat: add file logger support (#3575)
2025-10-09 17:39:29 +02:00
media
donate: nowpayments
2025-09-18 20:14:10 +02:00
sub
refactor(xhttp): split fields by direction, expand outbound coverage
2026-05-07 19:26:40 +02:00
util
fix windows build
2026-02-20 02:07:46 +01:00
web
fix(csrf): expose token endpoint for SPA pages and fetch it from axios
2026-05-08 13:20:26 +02:00
windows_files
Update OpenSSL installer to version 3.6.0
2026-01-05 18:49:30 +01:00
xray
SS: remove unsupported cipher method
2026-04-22 21:44:39 +02:00
.env.example
fix: display of outbound traffic (#3604)
2025-12-23 15:43:25 +01:00
.gitignore
fix(fail2ban): fix banning regression and Docker zero-jail issue
2026-05-07 13:53:34 +02:00
CONTRIBUTING.md
fix: display of outbound traffic (#3604)
2025-12-23 15:43:25 +01:00
docker-compose.yml
fix: enhance WebSocket stability, resolve XHTTP configurations and fix UI loading shifts (#3997)
2026-04-19 21:01:00 +02:00
DockerEntrypoint.sh
fix(fail2ban): fix banning regression and Docker zero-jail issue
2026-05-07 13:53:34 +02:00
Dockerfile
Bump Go to 1.26
2026-02-16 01:10:43 +01:00
DockerInit.sh
Revert "Xray Core v26.5.3" buggy version(vless reverse doesn't work)
2026-05-06 08:52:36 +02:00
go.mod
Bump Go to 1.26.3
2026-05-08 00:19:05 +02:00
go.sum
Bump Go to 1.26.3
2026-05-08 00:19:05 +02:00
install.sh
fix(scripts): harden server-IP detection with multi-provider + manual fallback
2026-05-08 00:51:28 +02:00
LICENSE
3x-ui
2023-02-09 22:48:06 +03:30
main.go
v2.9.3
2026-04-27 15:31:32 +02:00
README.ar_EG.md
Readme: Remove custom GeoSite/GeoIP DAT section
2026-04-21 20:20:43 +02:00
README.es_ES.md
Readme: Remove custom GeoSite/GeoIP DAT section
2026-04-21 20:20:43 +02:00
README.fa_IR.md
Readme: Remove custom GeoSite/GeoIP DAT section
2026-04-21 20:20:43 +02:00
README.md
Readme: Remove custom GeoSite/GeoIP DAT section
2026-04-21 20:20:43 +02:00
README.ru_RU.md
Readme: Remove custom GeoSite/GeoIP DAT section
2026-04-21 20:20:43 +02:00
README.zh_CN.md
Readme: Remove custom GeoSite/GeoIP DAT section
2026-04-21 20:20:43 +02:00
update.sh
fix(scripts): harden server-IP detection with multi-provider + manual fallback
2026-05-08 00:51:28 +02:00
x-ui.rc
[feat] restart xray-core from cli #3825
2026-02-20 00:03:16 +01:00
x-ui.service.arch
[feat] restart xray-core from cli #3825
2026-02-20 00:03:16 +01:00
x-ui.service.debian
[feat] restart xray-core from cli #3825
2026-02-20 00:03:16 +01:00
x-ui.service.rhel
[feat] restart xray-core from cli #3825
2026-02-20 00:03:16 +01:00
x-ui.sh
fix(scripts): harden server-IP detection with multi-provider + manual fallback
2026-05-08 00:51:28 +02:00

README.md

English | فارسی | العربية | 中文 | Español | Русский

3x-ui

Release Build GO Version Downloads License Go Reference Go Report Card

3X-UI — advanced, open-source web-based control panel designed for managing Xray-core server. It offers a user-friendly interface for configuring and monitoring various VPN and proxy protocols.

Important

This project is only for personal usage, please do not use it for illegal purposes, and please do not use it in a production environment.

As an enhanced fork of the original X-UI project, 3X-UI provides improved stability, broader protocol support, and additional features.

Quick Start

bash <(curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh)

For full documentation, please visit the project Wiki.

A Special Thanks to

Acknowledgment

  • Iran v2ray rules (License: GPL-3.0): Enhanced v2ray/xray and v2ray/xray-clients routing rules with built-in Iranian domains and a focus on security and adblocking.
  • Russia v2ray rules (License: GPL-3.0): This repository contains automatically updated V2Ray routing rules based on data on blocked domains and addresses in Russia.

Support project

If this project is helpful to you, you may wish to give it a🌟

Buy Me A Coffee
Crypto donation button by NOWPayments

Stargazers over Time

Stargazers over time

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
echfail2banhttphysteria2mixedpost-quantumrealityshadowsocksshadowsocks2022tlstrojantuntunnelvlessvmesswireguardx25519xtls-rprx-visionxtls-rprx-vision-udp443
Readme GPL-3.0 114 MiB
Languages
TypeScript 49.8%
Go 40%
Shell 6.7%
CSS 2.8%
JavaScript 0.6%