fixed site loader and subdirs
parent
0cce0f4318
commit
1166c9155a
3 changed files with 9 additions and 8 deletions
|
@ -64,11 +64,11 @@ def site(name: str)->Response:
|
|||
abort(404)
|
||||
return Response(resp)
|
||||
|
||||
@site_api.route('/site/<name>/<file>', endpoint='siteFile')
|
||||
@site_api.route('/site/<name>/<path:file>', endpoint='siteFile')
|
||||
def site_file(name: str, file: str)->Response:
|
||||
"""Accept a site 'name', if pubkey then show multi-page site, if hash show single page site"""
|
||||
resp: str = 'Not Found'
|
||||
mime_type = 'text/html'
|
||||
mime_type = mimetypes.MimeTypes().guess_type(file)[0]
|
||||
|
||||
# If necessary convert the name to base32 from mnemonic
|
||||
if mnemonickeys.DELIMITER in name:
|
||||
|
@ -92,4 +92,4 @@ def site_file(name: str, file: str)->Response:
|
|||
pass
|
||||
if resp == 'Not Found' or not resp:
|
||||
abort(404)
|
||||
return Response(resp)
|
||||
return Response(resp, mimetype=mime_type)
|
||||
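Review bot: `mimetypes.MimeTypes().guess_type(file)[0]` is `None` for any extension the table does not know, and `Response(resp, mimetype=None)` then falls back to the framework default (text/html in Flask), so an unrecognised file published by a site author is still served as HTML. A non-rendering fallback would be safer: `mime_type = mimetypes.MimeTypes().guess_type(file)[0] or 'application/octet-stream'`. Separately, the `<path:file>` converter lets `file` contain `/`. The lookup that consumes it sits between the two hunks and is not visible here, so it is worth confirming that it only resolves entries inside the named site and rejects `..` segments.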
|
|
|
@ -49,6 +49,7 @@ class ClientAPISecurity:
|
|||
|
||||
if request.endpoint in whitelist_endpoints:
|
||||
return
|
||||
if request.path.startswith('/site/'): return
|
||||
try:
|
||||
if not hmac.compare_digest(request.headers['token'], client_api.clientToken):
|
||||
if not hmac.compare_digest(request.form['token'], client_api.clientToken):
|
||||
|
@ -61,8 +62,8 @@ class ClientAPISecurity:
|
|||
def after_req(resp):
|
||||
# Security headers
|
||||
resp = httpheaders.set_default_onionr_http_headers(resp)
|
||||
if request.endpoint == 'siteapi.site':
|
||||
resp.headers['Content-Security-Policy'] = "default-src 'none'; style-src data: 'unsafe-inline'; img-src data:"
|
||||
if request.endpoint in ('siteapi.site', 'siteapi.siteFile'):
|
||||
resp.headers['Content-Security-Policy'] = "default-src 'none'; style-src 'self' data: 'unsafe-inline'; img-src 'self' data:; media-src 'self' data:"
|
||||
else:
|
||||
resp.headers['Content-Security-Policy'] = "default-src 'none'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self'"
|
||||
return resp
|
||||
return resp
|
||||
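Review bot: The added `if request.path.startswith('/site/'): return` skips the token comparison for every request whose path starts with /site/, regardless of endpoint or HTTP method, so any route later registered under that prefix becomes unauthenticated by default. The check directly above it already exempts by endpoint name, and matching on the two site endpoints keeps the exemption narrow: `if request.endpoint in ('siteapi.site', 'siteapi.siteFile'): return` (or add both names to `whitelist_endpoints`). In the second hunk the site CSP now allows `'self'` for styles, images and media, which lets publisher-controlled pages load any unauthenticated same-origin URL; if only the site's own files are meant, that deserves a comment next to the header. The enclosing method starts outside the hunk.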
|
|
|
@ -9,12 +9,12 @@ function checkHex(str) {
|
|||
document.getElementById('openSite').onclick = function(){
|
||||
var hash = document.getElementById('siteViewer').value
|
||||
if (hash.length == 0){ return }
|
||||
if (checkHex(hash) && hash.length >= 50){
|
||||
if (checkHex(hash) && hash.length >= 50 || hash.length == 52 || hash.length == 56){
|
||||
window.location.href = '/site/' + hash
|
||||
}
|
||||
else{
|
||||
PNotify.notice({
|
||||
text: 'Invalid site hash'
|
||||
text: 'Invalid site hash/ID'
|
||||
})
|
||||
}
|
||||
}
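Review bot: In the new condition `&&` binds tighter than `||`, so `checkHex` only guards the `>= 50` case and any 52- or 56-character string is accepted unchecked and appended to the URL. Because the value comes straight from the `siteViewer` input, characters such as `/`, `?` or `#` would change which path is requested. Parenthesise the hex case, give the two ID lengths their own character-set check for whatever alphabet site IDs use (not visible here), and encode the value: `window.location.href = '/site/' + encodeURIComponent(hash)`. `checkHex` is defined outside the hunk.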
|