From bee8aac0cc64d4ce6e0cf28179f879961783ce75 Mon Sep 17 00:00:00 2001
From: shortcutme <tamas@zeronet.io>
Date: Wed, 21 Feb 2018 03:14:43 +0100
Subject: [PATCH] Don't allow NOSANDBOX permission on a proxy as it can leak
 cookies

---
 plugins/disabled-Multiuser/MultiuserPlugin.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/plugins/disabled-Multiuser/MultiuserPlugin.py b/plugins/disabled-Multiuser/MultiuserPlugin.py
index 16027c9f..65e1a6b2 100644
--- a/plugins/disabled-Multiuser/MultiuserPlugin.py
+++ b/plugins/disabled-Multiuser/MultiuserPlugin.py
@@ -178,6 +178,14 @@ class UiWebsocketPlugin(object):
         message += "and help to make a better network, then please run your own <a href='https://zeronet.io' target='_blank'>ZeroNet client</a>.</small>"
         self.cmd("notification", ["info", message])
 
+    def actionPermissionAdd(self, to, permission):
+        if permission == "NOSANDBOX":
+            self.cmd("notification", ["info", "You can't disable sandbox on this proxy!"])
+            self.response(to, {"error": "Denied by proxy"})
+            return False
+        else:
+            return super(UiWebsocketPlugin, self).actionPermissionAdd(to, permission)
+
 
 @PluginManager.registerTo("ConfigPlugin")
 class ConfigPlugin(object):