Merge pull request #749 from MuxZeroNet/patch-3

WebSocket requests not allowed
ZeroNet 2017-01-08 13:18:00 +01:00 committed by GitHub
commit 5f567c357b


@ -93,6 +93,9 @@ class UiRequest(object):
def isProxyRequest(self): def isProxyRequest(self):
return self.env["PATH_INFO"].startswith("http://") return self.env["PATH_INFO"].startswith("http://")
def isWebSocket(self):
return self.env.get("HTTP_UPGRADE") == "websocket"
def isAjaxRequest(self): def isAjaxRequest(self):
return self.env.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest" return self.env.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest"
@ -195,6 +198,8 @@ class UiRequest(object):
return self.actionSiteMedia("/media" + path) # Only serve html files with frame return self.actionSiteMedia("/media" + path) # Only serve html files with frame
if self.isAjaxRequest(): if self.isAjaxRequest():
return self.error403("Ajax request not allowed to load wrapper") # No ajax allowed on wrapper return self.error403("Ajax request not allowed to load wrapper") # No ajax allowed on wrapper
if self.isWebSocket():
return self.error403("WebSocket not allowed to load wrapper") # No websocket
if "text/html" not in self.env["HTTP_ACCEPT"]: if "text/html" not in self.env["HTTP_ACCEPT"]:
return self.error403("Invalid Accept header to load wrapper") return self.error403("Invalid Accept header to load wrapper")
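Review bot: The new `isWebSocket()` compares `HTTP_UPGRADE` to `"websocket"` with an exact, case-sensitive match, while RFC 6455 treats the Upgrade token as case-insensitive, so a request sending `Upgrade: WebSocket` would pass the new 403 guard in the wrapper path unchecked. Normalising before comparing, e.g. `return self.env.get("HTTP_UPGRADE", "").lower() == "websocket"`, makes the guard match every spelling a compliant server would accept. A short docstring on `isWebSocket()` saying that it only inspects the Upgrade header, and does not validate a full handshake, would also help the next reader. The wrapper handler that calls it starts and ends outside the visible hunk, so whether other entry points need the same guard cannot be judged from here.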