From e3b010175f519280adf8f42f01532cd9df5021bd Mon Sep 17 00:00:00 2001
From: caryoscelus
Date: Thu, 4 Apr 2024 23:40:32 +0000
Subject: [PATCH] --ui-ip-protect option to only apply recent privacy protection where it makes sense (i.e. on localhost) by default refs #263, #270
---
 src/Config.py | 9 +++++++++
 src/Ui/UiRequest.py | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/Config.py b/src/Config.py
index 8a847bf3..ba519a6b 100644
--- a/src/Config.py
+++ b/src/Config.py
@@ -241,6 +241,7 @@ class Config:
         self.parser.add_argument('--log-rotate-backup-count', help='Log rotate backup count', default=5, type=int)
         self.parser.add_argument('--language', help='Web interface language', default=language, metavar='language')
+        self.parser.add_argument('--ui-ip-protect', help="Protect UI server from being accessed through third-party pages and on unauthorized cross-origin pages (enabled by default when serving on localhost IPs; doesn't work with non-local IPs, need testing with host names)", choices=['always', 'local', 'off'], default='local')
         self.parser.add_argument('--ui-ip', help='Web interface bind address', default="127.0.0.1", metavar='ip')
         self.parser.add_argument('--ui-port', help='Web interface bind port', default=43110, type=int, metavar='port')
         self.parser.add_argument('--ui-site-port', help='Port for serving site content, defaults to ui_port+1', default=None, metavar='port')
 
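Review bot: The help text for `--ui-ip-protect` promises the check is "enabled by default when serving on localhost IPs", but the `local` mode wired up in the next hunk only recognises the literal strings `127.0.0.1` and `::1`, so a bind to `localhost`, another 127/8 address or a non-loopback interface runs with the check silently off. Saying so here keeps operators from assuming they are covered; e.g. end the help with `"; 'local' enables the check only when --ui-ip is exactly 127.0.0.1 or ::1, use 'always' to force it on other binds"`. The method that registers these arguments starts outside the hunk.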
@@ -459,6 +460,14 @@ class Config:
         self.arguments = self.parser.parse_args(argv[1:])
         if self.arguments.ui_site_port is None:
             self.arguments.ui_site_port = self.arguments.ui_port + 1
+        if self.arguments.ui_ip_protect == 'always':
+            self.arguments.ui_check_cors = True
+        elif self.arguments.ui_ip_protect == 'off':
+            self.arguments.ui_check_cors = False
+        elif self.arguments.ui_ip_protect == 'local':
+            self.arguments.ui_check_cors = self.arguments.ui_ip == '127.0.0.1' or self.arguments.ui_ip == '::1'
+        else:
+            raise Exception("Wrong argparse result")
 
     def parseConfig(self, argv):
         argv = self.fixArgs(argv)
diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index 482096a3..6e1d5e9e 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -148,7 +148,7 @@ class UiRequest:
             return False
 
         # Deny cross site requests
-        if not self.isSameOrigin(referer, url) and not self.hasCorsPermission(referer):
+        if not self.isSameOrigin(referer, url) or not self.hasCorsPermission(referer):
             return True
 
         return False
@@ -172,7 +172,7 @@ class UiRequest:
             protocol = self.env['wsgi.url_scheme']
             return self.actionRedirect(f'{protocol}://{host}:{config.ui_port}{path_info}?{query_string}')
 
-        if self.isCrossOriginRequest():
+        if config.ui_check_cors and self.isCrossOriginRequest():
             # we are still exposed by answering on port
             self.log.warning('Cross-origin request detected. Someone might be trying to analyze your 0net usage')
             return []
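Review bot: The `local` branch decides loopback-ness by exact string comparison with `127.0.0.1` and `::1`, so `127.0.0.2`, a zone-suffixed or differently spelled IPv6 loopback literal, or `localhost` all fall through to `ui_check_cors = False` although the help text presents `local` as "enabled by default on localhost IPs". Parsing the bind address with the stdlib `ipaddress` module (one `import ipaddress` added to the module imports) classifies every loopback literal correctly and still treats a hostname as non-local, which matches the help text's caveat; the rewritten branch is below. The trailing `else: raise Exception("Wrong argparse result")` is unreachable because argparse enforces `choices`, and if it is kept as a guard `ValueError` is the narrower type. The method that parses the arguments starts outside the hunk.
```python
        elif self.arguments.ui_ip_protect == 'local':
            # Only loopback binds get the check by default; a value that is not an
            # IP literal (a hostname) is treated as non-local, per the option's help text.
            try:
                bind_ip = ipaddress.ip_address(self.arguments.ui_ip)
            except ValueError:
                self.arguments.ui_check_cors = False
            else:
                self.arguments.ui_check_cors = bind_ip.is_loopback
        # … unchanged: 'always' / 'off' branches and the final else …
```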
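Review bot: Switching `and` to `or` makes the condition `not (sameOrigin and hasCorsPermission)`, so a same-origin request is now reported as cross-origin whenever `hasCorsPermission(referer)` is False, and a cross-origin referer that does hold CORS permission is denied where it was previously allowed; unless `hasCorsPermission` returns True for same-origin referers (not visible here), every ordinary same-origin UI request will be answered with an empty body once `ui_check_cors` is on. If the intended policy is "deny cross-origin referers unless they have CORS permission", the original `and` already said that; if it is "deny every cross-origin referer, permission or not", the `hasCorsPermission` call is redundant and `if not self.isSameOrigin(referer, url):` states it directly. A one-line comment above the `if` naming the chosen policy would make the next edit to this line safer. `isCrossOriginRequest` starts outside the hunk.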
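Review bot: Gating the whole block on `config.ui_check_cors` also suppresses the warning log, so on a non-loopback bind (where `local` mode turns the check off) an operator loses the only signal that a cross-origin probe was seen. Keeping detection separate from enforcement preserves it: `if self.isCrossOriginRequest():`, the existing `self.log.warning(...)` unchanged, then `if config.ui_check_cors: return []`. The help text says the check is unreliable for non-local IPs, so if that makes the log noisy, lowering the level or rate-limiting it is preferable to dropping it. `ui_check_cors` is assigned on `self.arguments` in Config while this line reads it through `config`; presumably Config forwards attribute lookups to the parsed arguments — confirm it is exposed under the same name, otherwise this raises on every request. The enclosing method starts outside the hunk.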