From 8549b79ac93e7afe9df4cfc7c6299156ba7a6fc3 Mon Sep 17 00:00:00 2001
From: KF <rjohns0n12353@gmail.com>
Date: Wed, 28 Aug 2019 18:33:28 -0500
Subject: [PATCH] remove headers for onionr clients

---
 onionr/httpapi/security/public.py   | 15 ++++++++++++++-
 onionr/onionrutils/basicrequests.py |  4 ++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/onionr/httpapi/security/public.py b/onionr/httpapi/security/public.py
index 74393245..4254e4e0 100644
--- a/onionr/httpapi/security/public.py
+++ b/onionr/httpapi/security/public.py
@@ -17,7 +17,7 @@
     You should have received a copy of the GNU General Public License
     along with this program.  If not, see <https://www.gnu.org/licenses/>.
 '''
-from flask import Blueprint, request, abort
+from flask import Blueprint, request, abort, g
 from onionrservices import httpheaders
 from onionrutils import epoch
 from utils import gettransports
@@ -37,6 +37,13 @@ class PublicAPISecurity:
                 # Disallow connection if wrong HTTP hostname, in order to prevent DNS rebinding attacks
                 abort(403)
             public_api.hitCount += 1 # raise hit count for valid requests
+            try:
+                if 'onionr' in request.headers['User-Agent'].lower():
+                    g.is_onionr_client = True
+                else:
+                    g.is_onionr_client = False
+            except KeyError:
+                g.is_onionr_client = False
 
         @public_api_security_bp.after_app_request
         def send_headers(resp):
@@ -44,5 +51,11 @@ class PublicAPISecurity:
             resp = httpheaders.set_default_onionr_http_headers(resp)
             # Network API version
             resp.headers['X-API'] = public_api.API_VERSION
+            if g.is_onionr_client:
+                del resp.headers['Content-Security-Policy']
+                del resp.headers['X-Frame-Options']
+                del resp.headers['X-Content-Type-Options']
+                print('deleted')
+                print(resp.headers)
             public_api.lastRequest = epoch.get_rounded_epoch(roundS=5)
             return resp
\ No newline at end of file
diff --git a/onionr/onionrutils/basicrequests.py b/onionr/onionrutils/basicrequests.py
index 4ea13f5b..22913b6b 100644
--- a/onionr/onionrutils/basicrequests.py
+++ b/onionr/onionrutils/basicrequests.py
@@ -33,7 +33,7 @@ def do_post_request(url, data={}, port=0, proxyType='tor', max_size=10000):
         proxies = {'http': 'http://127.0.0.1:4444'}
     else:
         return
-    headers = {'user-agent': 'PyOnionr', 'Connection':'close'}
+    headers = {'User-Agent': 'PyOnionr', 'Connection':'close'}
     try:
         proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)}
         #r = requests.post(url, data=data, headers=headers, proxies=proxies, allow_redirects=False, timeout=(15, 30))
@@ -60,7 +60,7 @@ def do_get_request(url, port=0, proxyType='tor', ignoreAPI=False, returnHeaders=
         proxies = {'http': 'http://127.0.0.1:4444'}
     else:
         return
-    headers = {'user-agent': 'PyOnionr', 'Connection':'close'}
+    headers = {'User-Agent': 'PyOnionr', 'Connection':'close'}
     response_headers = dict()
     try:
         proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)}