oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

WebSocket requests not allowed

Browse source
This commit is contained in:
MuxZeroNet 2017-01-08 06:56:42 +00:00 committed by GitHub
parent 86bba4f0e4
commit 0a1eecee20
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/Ui/UiRequest.py
View file

@ -93,6 +93,9 @@ class UiRequest(object):
def isProxyRequest(self): def isProxyRequest(self):
return self.env["PATH_INFO"].startswith("http://") return self.env["PATH_INFO"].startswith("http://")
def isWebSocket(self):
return self.env.get("HTTP_UPGRADE") == "websocket"
def isAjaxRequest(self): def isAjaxRequest(self):
return self.env.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest" return self.env.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest"
@ -195,6 +198,8 @@ class UiRequest(object):
return self.actionSiteMedia("/media" + path) # Only serve html files with frame return self.actionSiteMedia("/media" + path) # Only serve html files with frame
if self.isAjaxRequest(): if self.isAjaxRequest():
return self.error403("Ajax request not allowed to load wrapper") # No ajax allowed on wrapper return self.error403("Ajax request not allowed to load wrapper") # No ajax allowed on wrapper
if self.isWebSocket():
return self.error403("WebSocket not allowed to load wrapper") # No websocket
if "text/html" not in self.env["HTTP_ACCEPT"]: if "text/html" not in self.env["HTTP_ACCEPT"]:
return self.error403("Invalid Accept header to load wrapper") return self.error403("Invalid Accept header to load wrapper")