Commit graph

228 commits

Author SHA1 Message Date
caryoscelus
93ed7418ab Merge branch 'master' into always-nonce 2023-11-16 14:20:30 +00:00
caryoscelus
fc408ef985 Modern browsers all support nonce now so drop checking UA 2023-11-16 14:04:33 +00:00
caryoscelus
14e8130acb Rewrite cross-site and cross-host requests detection
Make sure browsers send referrers so we can track cross-site
requests (could be used to identify which sites user hosts)

This breaks /raw because there are no referrers there

fixes #227
fixes #223
fixes #224
2023-11-14 23:11:51 +00:00
caryoscelus
c92b8bc56c Fix UiServer.getPosted hanging in some circumstances
fixes #198

While it's not exactly clear what causes the difference in behaviour,
under certain conditions UiServer.getPosted used to hang trying
to readline() the POST request (e.g. from UiPassword login). Using
read(CONTENT_LENGTH) seems to fix the issue
2023-11-01 22:12:14 +00:00
caryoscelus
f336cd02bd More sophisticated detection of cross-site info leak
see previous commit for more info
2023-07-25 20:58:57 +00:00
caryoscelus
0811902ff6 Disable third-party access to 0net server.
This previously enabled clearnet sites to detect if user is running 0net instance
on their machine as well as to detect which 0net sites are downloaded.

Check online at https://riza-committee.github.io/demos/0scan.html

Intra-0net version of this is still available at
http://127.0.0.1:43110/1ScanCY9fjmjanDt7NwvyNQCL16hqWnVM/
2023-07-25 19:13:12 +00:00
caryoscelus
3330b19e31 don't fail if http_accept header is */*
fixes #67
2023-07-21 12:00:23 +00:00
caryoscelus
b5380f6b26 Fix /raw readdress
fixes #199
2022-12-11 17:48:37 +00:00
caryoscelus
53d51e8bc8 redirect .bit domains to hash actual addresses
refs #23
2022-09-19 16:05:25 +00:00
caryoscelus
9a3fd95636 comments 2022-09-19 12:13:12 +00:00
caryoscelus
d5d5163a65 remove unused code 2022-05-17 02:40:22 +04:00
caryoscelus
06727cb511 fix UiRequest.parsePath 2022-03-03 05:15:20 +00:00
caryoscelus
855b23a84b
fix readdress loop
use better escaping in render

fixes #19
2022-01-26 19:28:17 +00:00
caryoscelus
6803379ad2 code improvements in UiRequest 2022-01-14 19:03:48 +00:00
Jabba
54fb2fde7c
Adding OGG MIME (#2657)
* Adding OGG MIME

Fixing: https://github.com/HelloZeroNet/ZeroNet/issues/2656

* Adding ova and ogv extensions
2020-10-26 15:59:42 +01:00
Tamas Kocsis
e74fdc4036 Redirect homepage with / at the end 2020-09-09 18:29:53 +02:00
Tamas Kocsis
8dc5aee8aa Js based redirecting template formatting 2020-09-08 19:32:10 +02:00
Tamas Kocsis
9d198ff7f2 Display full path in 404 error instead of inner_path 2020-09-04 18:07:29 +02:00
Tamas Kocsis
cafeebf120 Fix wrapper_nonce adding to url 2020-09-04 18:07:03 +02:00
shortcutme
07faa3d6d3
Move wrapper necessary check to separate function 2020-05-03 03:56:06 +02:00
krzotr
5baacf963d
Fixed Cache-Control for .js and .css files 2020-02-29 00:51:41 +01:00
Ivanq
219b90668f
Switch from gevent-websocket to gevent-ws (#2439)
* Switch from gevent-websocket to gevent-ws

* Return error handling, add gevent_ws source to lib
2020-02-28 01:20:04 +01:00
shortcutme
d36324e0d3
More detailed info on http host error 2020-02-13 17:23:00 +01:00
shortcutme
113b57415f
More detailed info on origin error 2020-02-13 17:22:37 +01:00
Ivanq
77c3e43978 Detect content encoding based on query string (#2385) 2020-01-07 10:34:14 +01:00
shortcutme
2fd337bb55
Add wasm content type 2019-12-11 20:03:28 +01:00
shortcutme
511587dd8b
Allow images from data uris 2019-11-19 02:19:14 +01:00
shortcutme
08574bf676
Handle unknown variables when rendering template 2019-11-19 01:38:22 +01:00
shortcutme
8dfc200f24
Update cachable type list 2019-10-28 16:43:37 +01:00
shortcutme
cb4a4bd707
Add utf-8 charset header to more types 2019-10-28 16:43:19 +01:00
shortcutme
24ba2a150b
Remove limitations for img, font, media, style src in raw mode 2019-10-28 16:42:28 +01:00
shortcutme
e1d92bf0ec
Changing allow-origin to js files looks no longer necessary 2019-10-28 16:41:55 +01:00
shortcutme
270f3e9ffd
Use host to check same origin if referrer looks trimmed to host 2019-10-28 16:41:08 +01:00
shortcutme
e1f73697ff
Extend built-in content types list 2019-10-28 16:11:45 +01:00
shortcutme
43a5742258
Resolve domain in parsePath function 2019-10-06 03:20:16 +02:00
shortcutme
924a61309a
Cached isDomain / resolveDomain functions 2019-10-06 03:18:14 +02:00
shortcutme
9dd5c88da4
Monospace font when displaying errors 2019-10-06 03:15:57 +02:00
shortcutme
0598bcf332
Fix utf8 post data parsing 2019-10-06 03:15:20 +02:00
shortcutme
ead1b3e5f5
Log 403 as warning 2019-10-06 03:14:45 +02:00
shortcutme
93e6ec4933
Fix display site add prompt 2019-09-19 16:32:30 +02:00
shortcutme
6f0d4a50d1
Add apple touch icon support for Safari 2019-09-15 22:11:51 +02:00
shortcutme
f999f167b1
Offer access with ip address on invalid host error 2019-09-02 02:10:52 +02:00
shortcutme
9ac96cdd50
Don't leak allowed origins in error message 2019-09-02 02:09:53 +02:00
shortcutme
248fc5f015
Use re.sub to replace template variables 2019-08-23 03:39:50 +02:00
shortcutme
e16611f15a
Allow websocket connections originating from earlier accepted hostnames 2019-08-23 03:39:16 +02:00
Ivanq
24b3651d2e Allow blob: protocol (#2166)
* Allow blob: protocol

* Fix quotes
2019-08-20 12:42:01 +02:00
Ivanq
61ba9848e5 Add --merge_media config option 2019-08-20 08:16:35 +00:00
shortcutme
b871849df4
Add origin validation to websocket connections 2019-08-18 03:03:02 +02:00
Ivanq
33b478199a
Guess content type correctly
Fix e.g. vue.min.js being reported as text/plain instead of text/javascript.
2019-07-04 12:09:07 +03:00
Ivanq
743f92d15e Allow some paths to contain .. but not ../ 2019-07-01 18:17:42 +03:00