oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Nonce checking moved to route command

Browse source
This commit is contained in:
shortcutme 2017-10-04 12:41:14 +02:00
parent 74b2408668
commit 1f5db0aa24
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 0 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/Ui/UiRequest.py
View file

@ -445,11 +445,6 @@ class UiRequest(object):
# Check wrapper nonce # Check wrapper nonce
content_type = self.getContentType(path_parts["inner_path"]) content_type = self.getContentType(path_parts["inner_path"])
if "htm" in content_type and not header_noscript: # Valid nonce must present to render html files
wrapper_nonce = self.get.get("wrapper_nonce")
if wrapper_nonce not in self.server.wrapper_nonces:
return self.error403("Wrapper nonce error. Please reload the page.")
self.server.wrapper_nonces.remove(self.get["wrapper_nonce"])
else: else:
referer = self.env.get("HTTP_REFERER") referer = self.env.get("HTTP_REFERER")
if referer and path_parts: # Only allow same site to receive media if referer and path_parts: # Only allow same site to receive media