Only allow UI requests from safe hosts

2017-06-13 14:19:23 +02:00 · 2017-06-13 14:19:23 +02:00 · 42874038e2
commit 42874038e2
parent d55fbd1728
2 changed files with 27 additions and 1 deletions
--- a/src/Ui/UiServer.py
+++ b/src/Ui/UiServer.py
@ -58,6 +58,8 @@ class UiServer:
        self.port = config.ui_port
        if self.ip == "*":
            self.ip = ""  # Bind all
+        self.allowed_hosts = set(["zero", "localhost:%s" % config.ui_port, "%s:%s" % (config.ui_ip, config.ui_port)])
+        self.learn_allowed_host = True
        self.wrapper_nonces = []
        self.site_manager = SiteManager.site_manager
        self.sites = SiteManager.site_manager.list()