Fix some CORS/redirectering cases

caryoscelus 2024-04-05 10:48:22 +00:00
parent e3b010175f
commit 7772036559
No known key found for this signature in database
GPG key ID: 254EDDB85B66CB1F


@ -148,7 +148,7 @@ class UiRequest:
return False return False
# Deny cross site requests # Deny cross site requests
if not self.isSameOrigin(referer, url) or not self.hasCorsPermission(referer): if not self.isSameOrigin(referer, url) and not self.hasCorsPermission(referer):
return True return True
return False return False
@ -165,7 +165,7 @@ class UiRequest:
is_navigate = self.env.get('HTTP_SEC_FETCH_MODE') == 'navigate' is_navigate = self.env.get('HTTP_SEC_FETCH_MODE') == 'navigate'
is_iframe = self.env.get('HTTP_SEC_FETCH_DEST') == 'iframe' is_iframe = self.env.get('HTTP_SEC_FETCH_DEST') == 'iframe'
if is_navigate and not is_iframe and self.is_data_request: if ((is_navigate and not is_iframe) or not config.ui_check_cors) and self.is_data_request:
host = self.getHostWithoutPort() host = self.getHostWithoutPort()
path_info = self.env['PATH_INFO'] path_info = self.env['PATH_INFO']
query_string = self.env['QUERY_STRING'] query_string = self.env['QUERY_STRING']
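Review bot: The cross-site check in the first hunk (reading the right-hand copy of each line as the new side) now denies only when `isSameOrigin(referer, url)` and `hasCorsPermission(referer)` both fail, so a same-origin referer is accepted with no permission lookup and a cross-origin one is accepted on the grant alone; this loosens an access-control predicate, and the hunk shows neither a comment nor a test for it. I would add `# Deny only if the referer is cross-origin AND holds no CORS grant` above the `if` and cover the four combinations of the two predicates in a unit test. Both predicates key off `referer`, and the handling of an empty or missing Referer appears to be decided by the `return False` above the hunk, which is not visible here, so that path should be confirmed as well. In the second hunk, `not config.ui_check_cors` sends every data request, not only top-level non-iframe navigations, into the redirect branch when the option is off; a one-line comment stating that this is intended would help the next reader. Both enclosing functions start and end outside the hunks.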