oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't check referrer for html files

Browse source
This commit is contained in:
shortcutme 2017-05-11 18:00:57 +02:00
parent 47245f485a
commit 27a582634f
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/Ui/UiRequest.py
View file

@ -366,12 +366,12 @@ class UiRequest(object):
if wrapper_nonce not in self.server.wrapper_nonces:
return self.error403("Wrapper nonce error. Please reload the page.")
self.server.wrapper_nonces.remove(self.get["wrapper_nonce"])
referer = self.env.get("HTTP_REFERER")
if referer and path_parts: # Only allow same site to receive media
if not self.isMediaRequestAllowed(path_parts["request_address"], referer):
self.log.error("Media referrer error: %s not allowed from %s" % (path_parts["address"], referer))
return self.error403("Media referrer error") # Referrer not starts same address as requested path
else:
referer = self.env.get("HTTP_REFERER")
if referer and path_parts: # Only allow same site to receive media
if not self.isMediaRequestAllowed(path_parts["request_address"], referer):
self.log.error("Media referrer error: %s not allowed from %s" % (path_parts["address"], referer))
return self.error403("Media referrer error") # Referrer not starts same address as requested path
if path_parts: # Looks like a valid path
address = path_parts["address"]