diff --git a/onionr/httpapi/security/public.py b/onionr/httpapi/security/public.py index 74393245..4254e4e0 100644 --- a/onionr/httpapi/security/public.py +++ b/onionr/httpapi/security/public.py @@ -17,7 +17,7 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . ''' -from flask import Blueprint, request, abort +from flask import Blueprint, request, abort, g from onionrservices import httpheaders from onionrutils import epoch from utils import gettransports @@ -37,6 +37,13 @@ class PublicAPISecurity: # Disallow connection if wrong HTTP hostname, in order to prevent DNS rebinding attacks abort(403) public_api.hitCount += 1 # raise hit count for valid requests + try: + if 'onionr' in request.headers['User-Agent'].lower(): + g.is_onionr_client = True + else: + g.is_onionr_client = False + except KeyError: + g.is_onionr_client = False @public_api_security_bp.after_app_request def send_headers(resp): @@ -44,5 +51,11 @@ class PublicAPISecurity: resp = httpheaders.set_default_onionr_http_headers(resp) # Network API version resp.headers['X-API'] = public_api.API_VERSION + if g.is_onionr_client: + del resp.headers['Content-Security-Policy'] + del resp.headers['X-Frame-Options'] + del resp.headers['X-Content-Type-Options'] + print('deleted') + print(resp.headers) public_api.lastRequest = epoch.get_rounded_epoch(roundS=5) return resp \ No newline at end of file diff --git a/onionr/onionrutils/basicrequests.py b/onionr/onionrutils/basicrequests.py index 4ea13f5b..22913b6b 100644 --- a/onionr/onionrutils/basicrequests.py +++ b/onionr/onionrutils/basicrequests.py @@ -33,7 +33,7 @@ def do_post_request(url, data={}, port=0, proxyType='tor', max_size=10000): proxies = {'http': 'http://127.0.0.1:4444'} else: return - headers = {'user-agent': 'PyOnionr', 'Connection':'close'} + headers = {'User-Agent': 'PyOnionr', 'Connection':'close'} try: proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)} #r = requests.post(url, data=data, headers=headers, proxies=proxies, allow_redirects=False, timeout=(15, 30)) @@ -60,7 +60,7 @@ def do_get_request(url, port=0, proxyType='tor', ignoreAPI=False, returnHeaders= proxies = {'http': 'http://127.0.0.1:4444'} else: return - headers = {'user-agent': 'PyOnionr', 'Connection':'close'} + headers = {'User-Agent': 'PyOnionr', 'Connection':'close'} response_headers = dict() try: proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)}