IPv6/non-localhost IP fix

- Content-Security-Policy: `frame-src *` for main UiRequest and `self` for
  user-content UiRequest
- revert change in getHostWithoutPort to make ipv6 work
caryoscelus 2024-03-30 14:31:22 +00:00
parent f4e52fce5a
commit 6702f331a3
No known key found for this signature in database
GPG key ID: 254EDDB85B66CB1F


@ -382,10 +382,12 @@ class UiRequest:
port = int(self.env['SERVER_PORT']) port = int(self.env['SERVER_PORT'])
if port == config.ui_port: if port == config.ui_port:
other_port = config.ui_site_port other_port = config.ui_site_port
frame_src = '*'
else: else:
other_port = config.ui_port other_port = config.ui_port
site_server = f'{host}:{other_port}' frame_src = 'self'
headers["Content-Security-Policy"] = f"default-src 'none'; script-src 'nonce-{script_nonce}'; img-src 'self' blob: data:; style-src 'self' blob: 'unsafe-inline'; connect-src *; frame-src {site_server}"
headers["Content-Security-Policy"] = f"default-src 'none'; script-src 'nonce-{script_nonce}'; img-src 'self' blob: data:; style-src 'self' blob: 'unsafe-inline'; connect-src *; frame-src {frame_src}"
if allow_ajax: if allow_ajax:
headers["Access-Control-Allow-Origin"] = "null" headers["Access-Control-Allow-Origin"] = "null"
@ -544,7 +546,7 @@ class UiRequest:
return server_url return server_url
def getHostWithoutPort(self): def getHostWithoutPort(self):
return ':'.join(self.env['HTTP_HOST'].split(':')[:-1]).lstrip("[").rstrip("]") return ':'.join(self.env['HTTP_HOST'].split(':')[:-1])
def processQueryString(self, site, query_string): def processQueryString(self, site, query_string):
match = re.search("zeronet_peers=(.*?)(&|$)", query_string) match = re.search("zeronet_peers=(.*?)(&|$)", query_string)
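Review bot: In the `else:` branch of the first hunk, `frame_src = 'self'` interpolates the bare word `self` into the header, and CSP only recognises the same-origin keyword when the single quotes are part of the value, so the user-content port is sent `frame-src self`, which a browser parses as a host named `self` rather than the page's own origin. The assignment should be `frame_src = "'self'"`. Separately, `frame-src *` on the main UI port lets the wrapper frame any network origin; if the aim is only to make IPv6 and non-localhost hosts work, building the source from the bracketed host plus `other_port` would keep the allow-list as narrow as the old `site_server` value. The method containing the first hunk starts and ends outside it, so how `host` is derived is not visible here.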