oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't allow load load wrapper frames as prefetch or as image

Browse source
This commit is contained in:
shortcutme 2016-12-27 11:37:35 +01:00
parent 9565335394
commit 86b0046f28
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/Ui/UiRequest.py
View file

@ -191,6 +191,11 @@ class UiRequest(object):
if self.isAjaxRequest():
return self.error403("Ajax request not allowed to load wrapper") # No ajax allowed on wrapper
if "text/html" not in self.env["HTTP_ACCEPT"]:
return self.error403("Invalid Accept header to load wrapper")
if "prefetch" in self.env.get("HTTP_X_MOZ", "") or "prefetch" in self.env.get("HTTP_PURPOSE", ""):
return self.error403("Prefetch not allowed to load wrapper")
site = SiteManager.site_manager.get(address)
if (