fixed site loader and subdirs

This commit is contained in:
Kevin Froman 2019-11-13 21:06:04 -06:00
parent 0cce0f4318
commit 1166c9155a
3 changed files with 9 additions and 8 deletions

View File

@ -64,11 +64,11 @@ def site(name: str)->Response:
abort(404)
return Response(resp)
@site_api.route('/site/<name>/<file>', endpoint='siteFile')
@site_api.route('/site/<name>/<path:file>', endpoint='siteFile')
def site_file(name: str, file: str)->Response:
"""Accept a site 'name', if pubkey then show multi-page site, if hash show single page site"""
resp: str = 'Not Found'
mime_type = 'text/html'
mime_type = mimetypes.MimeTypes().guess_type(file)[0]
# If necessary convert the name to base32 from mnemonic
if mnemonickeys.DELIMITER in name:
@ -92,4 +92,4 @@ def site_file(name: str, file: str)->Response:
pass
if resp == 'Not Found' or not resp:
abort(404)
return Response(resp)
return Response(resp, mimetype=mime_type)

View File

@ -49,6 +49,7 @@ class ClientAPISecurity:
if request.endpoint in whitelist_endpoints:
return
if request.path.startswith('/site/'): return
try:
if not hmac.compare_digest(request.headers['token'], client_api.clientToken):
if not hmac.compare_digest(request.form['token'], client_api.clientToken):
@ -61,8 +62,8 @@ class ClientAPISecurity:
def after_req(resp):
# Security headers
resp = httpheaders.set_default_onionr_http_headers(resp)
if request.endpoint == 'siteapi.site':
resp.headers['Content-Security-Policy'] = "default-src 'none'; style-src data: 'unsafe-inline'; img-src data:"
if request.endpoint in ('siteapi.site', 'siteapi.siteFile'):
resp.headers['Content-Security-Policy'] = "default-src 'none'; style-src 'self' data: 'unsafe-inline'; img-src 'self' data:; media-src 'self' data:"
else:
resp.headers['Content-Security-Policy'] = "default-src 'none'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self'"
return resp

View File

@ -9,12 +9,12 @@ function checkHex(str) {
document.getElementById('openSite').onclick = function(){
var hash = document.getElementById('siteViewer').value
if (hash.length == 0){ return }
if (checkHex(hash) && hash.length >= 50){
if (checkHex(hash) && hash.length >= 50 || hash.length == 52 || hash.length == 56){
window.location.href = '/site/' + hash
}
else{
PNotify.notice({
text: 'Invalid site hash'
text: 'Invalid site hash/ID'
})
}
}