diff --git a/onionr/httpapi/security/public.py b/onionr/httpapi/security/public.py
index 3b591504..c0f79dd3 100644
--- a/onionr/httpapi/security/public.py
+++ b/onionr/httpapi/security/public.py
@@ -52,9 +52,9 @@ class PublicAPISecurity:
# Network API version
resp.headers['X-API'] = public_api.API_VERSION
# Delete some HTTP headers for Onionr user agents
+ NON_NETWORK_HEADERS = ('Content-Security-Policy', 'X-Frame-Options',
+ 'X-Content-Type-Options', 'Feature-Policy', 'Clear-Site-Data', 'Referrer-Policy')
if g.is_onionr_client:
- del resp.headers['Content-Security-Policy']
- del resp.headers['X-Frame-Options']
- del resp.headers['X-Content-Type-Options']
+ for header in NON_NETWORK_HEADERS: del resp.headers[header]
public_api.lastRequest = epoch.get_rounded_epoch(roundS=5)
return resp
\ No newline at end of file
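Review bot: `NON_NETWORK_HEADERS` is assigned inside the handler, so it is rebuilt on every response, and the loop is a one-line compound statement; a module-level constant with the loop split as `for header in NON_NETWORK_HEADERS:` / `del resp.headers[header]` reads more clearly. The tuple appears to mirror the headers set in onionrservices/httpheaders.py and has to be kept in step by hand, so a comment such as `# keep in sync with set_default_onionr_http_headers` would help. Because this branch removes browser-protection headers whenever `g.is_onionr_client` is true, the code should document how that flag is derived (not visible in this hunk) and confirm that an ordinary browser request cannot end up with it set. The enclosing method starts outside the hunk.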
diff --git a/onionr/onionrblockapi.py b/onionr/onionrblockapi.py
index e263805b..1cfd3b31 100755
--- a/onionr/onionrblockapi.py
+++ b/onionr/onionrblockapi.py
@@ -118,8 +118,6 @@ class Block:
else:
retData = True
self.decrypted = True
- else:
- logger.warn('symmetric decryption is not yet supported by this API')
return retData
def verifySig(self):
@@ -189,7 +187,7 @@ class Block:
return True
except Exception as e:
- logger.warn('Failed to parse block %s.' % self.getHash(), error = e, timestamp = False)
+ logger.warn('Failed to parse block %s' % self.getHash(), error = e, timestamp = False)
# if block can't be parsed, it's a waste of precious space. Throw it away.
if not self.delete():
@@ -213,8 +211,9 @@ class Block:
os.remove(self.getBlockFile())
except TypeError:
pass
-
- removeblock.remove_block(self.getHash())
+ b_hash = self.getHash()
+ onionrstorage.deleteBlock(b_hash)
+ removeblock.remove_block(b_hash)
return True
return False
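Review bot: The new `onionrstorage.deleteBlock(b_hash)` call is unguarded, so if it raises, `removeblock.remove_block(b_hash)` is skipped and the exception propagates instead of the method returning a boolean. Only `TypeError` from `os.remove` is handled above it, and what `deleteBlock` raises for a block that is already gone is not visible here, so that case is worth confirming. If deletion is meant to be best-effort, catch the expected exception around `deleteBlock` and still call `remove_block`, with a comment explaining why both the file removal and the storage delete are needed. The `onionrstorage` import is outside the hunk and should be checked.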
diff --git a/onionr/onionrblocks/insert.py b/onionr/onionrblocks/insert.py
index 22d0e366..c0c23599 100644
--- a/onionr/onionrblocks/insert.py
+++ b/onionr/onionrblocks/insert.py
@@ -115,7 +115,7 @@ def insert_block(data, header='txt', sign=False, encryptType='', symKey='', asym
# ensure expire is integer and of sane length
if type(expire) is not type(None):
- assert len(str(int(expire))) < 14
+ assert len(str(int(expire))) < 20
metadata['expire'] = expire
# send block data (and metadata) to POW module to get tokenized block data
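Review bot: The expiry bound on the changed line is enforced with `assert`, which Python strips under `-O`, so in optimized mode no limit is applied; an explicit `if len(str(int(expire))) >= 20: raise ValueError('expire out of range')` holds in every mode, provided callers do not rely on catching `AssertionError`. The value stored is the raw `expire` rather than the validated integer, so `metadata['expire'] = int(expire)` would keep what is checked and what is written identical. Raising the limit from 14 to 20 digits also accepts timestamps far in the future, while the receive path in blockmetadata/process.py clamps to `curTime + DEFAULT_EXPIRE`; the same cap, or a comment on why insert is looser, would keep the two sides consistent. `if expire is not None:` is the idiomatic form of the type comparison above it.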
diff --git a/onionr/onionrservices/httpheaders.py b/onionr/onionrservices/httpheaders.py
index 63c4a6ad..5726a276 100755
--- a/onionr/onionrservices/httpheaders.py
+++ b/onionr/onionrservices/httpheaders.py
@@ -17,6 +17,10 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see .
'''
+FEATURE_POLICY = """vibrate; vr; webauthn; usb; sync-xhr; speaker;
+picture-in-picture; payment; midi; microphone; magnetometer; gyroscope;
+geolocation; fullscreen; encrypted-media; document-domain;
+camera; accelerometer; ambient-light-sensor""".replace('\n', '') # have to remove \n for flask
def set_default_onionr_http_headers(flask_response):
'''Response headers'''
flask_response.headers['Content-Security-Policy'] = "default-src 'none'; style-src data: 'unsafe-inline'; img-src data:"
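Review bot: Each directive in `FEATURE_POLICY` names a feature but gives no allowlist, so the header may not disable anything. The documented way to turn a feature off is `geolocation 'none'`, and as far as I recall a bare feature name is not treated as `'none'`; this should be confirmed against the target browsers. If the intent is to deny everything listed, the string could be built from a tuple of names, e.g. `'; '.join("%s 'none'" % name for name in FEATURES)`, which also removes the `.replace('\n', '')` workaround. A one-line comment stating that intent would make the constant self-explanatory.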
@@ -25,4 +29,7 @@ def set_default_onionr_http_headers(flask_response):
flask_response.headers['Server'] = ''
flask_response.headers['Date'] = 'Thu, 1 Jan 1970 00:00:00 GMT' # Clock info is probably useful to attackers. Set to unix epoch.
flask_response.headers['Connection'] = "close"
+ flask_response.headers['Clear-Site-Data'] = '"cache", "cookies", "storage", "executionContexts"'
+ flask_response.headers['Feature-Policy'] = FEATURE_POLICY
+ flask_response.headers['Referrer-Policy'] = 'no-referrer'
return flask_response
\ No newline at end of file
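Review bot: `Clear-Site-Data` is now attached to every response that passes through this function, which asks the browser to wipe cache, cookies and storage for the origin on each request, and `executionContexts` additionally asks it to reload the origin's contexts. Any page served with these defaults that depends on cookies or local storage would break, so either add a comment that this is deliberate or limit the header to the responses that need it. Browsers generally honour this header only in secure contexts, so it is worth checking that it takes effect over the transport these services use. The function body starts outside the hunk.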
diff --git a/onionr/onionrutils/blockmetadata/process.py b/onionr/onionrutils/blockmetadata/process.py
index 4ad4991a..be595194 100644
--- a/onionr/onionrutils/blockmetadata/process.py
+++ b/onionr/onionrutils/blockmetadata/process.py
@@ -57,10 +57,12 @@ def process_block_metadata(blockHash: str):
pass
# Set block expire time if specified
try:
- expireTime = myBlock.getHeader('expire')
- assert len(str(int(expireTime))) < 20 # test that expire time is an integer of sane length (for epoch)
+ expireTime = int(myBlock.getHeader('expire'))
+ assert len(str(expireTime)) < 20 # test that expire time is an integer of sane length (for epoch)
except (AssertionError, ValueError, TypeError) as e:
expireTime = onionrvalues.DEFAULT_EXPIRE + curTime
finally:
+ expireTime = min(expireTime, curTime + onionrvalues.DEFAULT_EXPIRE)
blockmetadb.update_block_info(blockHash, 'expire', expireTime)
+
onionrevents.event('processblocks', data = {'block': myBlock, 'type': blockType, 'signer': signer, 'validSig': valid})
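Review bot: The `finally:` block reads `expireTime`, which is unbound if `myBlock.getHeader('expire')` raises anything other than the three caught types, so a `NameError` would replace the real exception; placing the `min(...)` clamp and the `update_block_info` call after the `try/except` avoids that. With the clamp in place the `assert` length check is redundant (and is stripped under `-O`), and `as e` is unused. There is still no lower bound, so a negative or already-past `expire` from a received block is stored as-is; if immediate expiry is the intended outcome, a comment saying so would help. The enclosing function starts outside the hunk.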
diff --git a/onionr/static-data/www/board/board.js b/onionr/static-data/www/board/board.js
index 0092963c..8520168a 100755
--- a/onionr/static-data/www/board/board.js
+++ b/onionr/static-data/www/board/board.js
@@ -94,7 +94,7 @@ function getBlocks(){
}
var feedText = httpGet('/flow/getpostsbyboard/' + ch)
var blockList = feedText.split(',').reverse()
- console.log(blockList)
+
for (i = 0; i < blockList.length; i++){
while (blockList[i].length < 64) blockList[i] = "0" + blockList[i]
if (! requested.includes(blockList[i])){
diff --git a/onionr/static-data/www/board/index.html b/onionr/static-data/www/board/index.html
index 4c913f3d..f5310add 100755
--- a/onionr/static-data/www/board/index.html
+++ b/onionr/static-data/www/board/index.html
@@ -86,7 +86,7 @@
diff --git a/onionr/static-data/www/friends/friends.js b/onionr/static-data/www/friends/friends.js
index 57c35f64..1b9a2b30 100755
--- a/onionr/static-data/www/friends/friends.js
+++ b/onionr/static-data/www/friends/friends.js
@@ -27,8 +27,10 @@ function removeFriend(pubkey){
addForm.onsubmit = function(){
var friend = document.getElementsByName('addKey')[0]
var alias = document.getElementsByName('data')[0]
- if (alias.value.toLowerCase() == 'anonymous'){
- alert('Anonymous is a reserved name')
+ if (alias.value.toLowerCase().trim() == 'anonymous'){
+ PNotify.error({
+ text: "Anonymous is a reserved alias name"
+ })
return false
}
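Review bot: The reserved-alias check in `addForm.onsubmit` runs only in the browser, so it does not cover a request that reaches the API without going through this form. Whether the server also rejects 'anonymous' is not visible in this hunk and should be confirmed, with the same normalisation (lower-casing and trimming) applied there. The comparison should be strict, `alias.value.toLowerCase().trim() === 'anonymous'`. `PNotify` must be loaded by friends/index.html before this handler can run, otherwise the call throws and `return false` is never reached. The handler continues outside the hunk.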
diff --git a/onionr/static-data/www/friends/index.html b/onionr/static-data/www/friends/index.html
index 0769c4ed..661e29ee 100755
--- a/onionr/static-data/www/friends/index.html
+++ b/onionr/static-data/www/friends/index.html
@@ -9,9 +9,15 @@
Friends
+
+
+
+
+
+
@@ -102,14 +108,14 @@
@@ -151,9 +157,6 @@
-
-
-