remove headers for onionr clients

master
KF 2019-08-28 18:33:28 -05:00
parent d2845b2ad5
commit 8549b79ac9
2 changed files with 16 additions and 3 deletions

View File

@ -17,7 +17,7 @@
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
''' '''
from flask import Blueprint, request, abort from flask import Blueprint, request, abort, g
from onionrservices import httpheaders from onionrservices import httpheaders
from onionrutils import epoch from onionrutils import epoch
from utils import gettransports from utils import gettransports
@ -37,6 +37,13 @@ class PublicAPISecurity:
# Disallow connection if wrong HTTP hostname, in order to prevent DNS rebinding attacks # Disallow connection if wrong HTTP hostname, in order to prevent DNS rebinding attacks
abort(403) abort(403)
public_api.hitCount += 1 # raise hit count for valid requests public_api.hitCount += 1 # raise hit count for valid requests
try:
if 'onionr' in request.headers['User-Agent'].lower():
g.is_onionr_client = True
else:
g.is_onionr_client = False
except KeyError:
g.is_onionr_client = False
@public_api_security_bp.after_app_request @public_api_security_bp.after_app_request
def send_headers(resp): def send_headers(resp):
@ -44,5 +51,11 @@ class PublicAPISecurity:
resp = httpheaders.set_default_onionr_http_headers(resp) resp = httpheaders.set_default_onionr_http_headers(resp)
# Network API version # Network API version
resp.headers['X-API'] = public_api.API_VERSION resp.headers['X-API'] = public_api.API_VERSION
if g.is_onionr_client:
del resp.headers['Content-Security-Policy']
del resp.headers['X-Frame-Options']
del resp.headers['X-Content-Type-Options']
print('deleted')
print(resp.headers)
public_api.lastRequest = epoch.get_rounded_epoch(roundS=5) public_api.lastRequest = epoch.get_rounded_epoch(roundS=5)
return resp return resp

View File

@ -33,7 +33,7 @@ def do_post_request(url, data={}, port=0, proxyType='tor', max_size=10000):
proxies = {'http': 'http://127.0.0.1:4444'} proxies = {'http': 'http://127.0.0.1:4444'}
else: else:
return return
headers = {'user-agent': 'PyOnionr', 'Connection':'close'} headers = {'User-Agent': 'PyOnionr', 'Connection':'close'}
try: try:
proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)} proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)}
#r = requests.post(url, data=data, headers=headers, proxies=proxies, allow_redirects=False, timeout=(15, 30)) #r = requests.post(url, data=data, headers=headers, proxies=proxies, allow_redirects=False, timeout=(15, 30))
@ -60,7 +60,7 @@ def do_get_request(url, port=0, proxyType='tor', ignoreAPI=False, returnHeaders=
proxies = {'http': 'http://127.0.0.1:4444'} proxies = {'http': 'http://127.0.0.1:4444'}
else: else:
return return
headers = {'user-agent': 'PyOnionr', 'Connection':'close'} headers = {'User-Agent': 'PyOnionr', 'Connection':'close'}
response_headers = dict() response_headers = dict()
try: try:
proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)} proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)}