oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove ui_server allowed http host learning

Browse source
This commit is contained in:
shortcutme 2019-02-14 15:49:10 +01:00
parent 5c57cd6541
commit bd649cfb33
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
2 changed files with 0 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/Ui/UiRequest.py
View file

@ -72,12 +72,6 @@ class UiRequest(object):
else:
return False
if self.server.learn_allowed_host:
# Learn the first request's host as allowed one
self.server.learn_allowed_host = False
self.learnHost(host)
return True
return False
# Call the request handler function base on path

3
src/Ui/UiServer.py
View file

@ -60,7 +60,6 @@ class UiServer:
self.ip = "0.0.0.0" # Bind all
if config.ui_host:
self.allowed_hosts = set(config.ui_host)
self.learn_allowed_host = False
elif config.ui_ip == "127.0.0.1":
# IP Addresses are inherently allowed as they are immune to DNS
# rebinding attacks.
@ -73,10 +72,8 @@ class UiServer:
# use.
if config.ui_port == 80:
self.allowed_hosts.update(["localhost"])
self.learn_allowed_host = False
else:
self.allowed_hosts = set([])
self.learn_allowed_host = True # It will pin to the first http request's host
self.allow_trans_proxy = config.ui_trans_proxy
self.wrapper_nonces = []