remove headers for onionr clients

2019-08-28 18:33:28 -05:00 · 2019-08-28 18:33:28 -05:00 · 8549b79ac9
commit 8549b79ac9
parent d2845b2ad5
2 changed files with 16 additions and 3 deletions
--- a/onionr/httpapi/security/public.py
+++ b/onionr/httpapi/security/public.py
@ -17,7 +17,7 @@
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 '''
-from flask import Blueprint, request, abort
+from flask import Blueprint, request, abort, g
 from onionrservices import httpheaders
 from onionrutils import epoch
 from utils import gettransports
@ -37,6 +37,13 @@ class PublicAPISecurity:
                # Disallow connection if wrong HTTP hostname, in order to prevent DNS rebinding attacks
                abort(403)
            public_api.hitCount += 1 # raise hit count for valid requests
            try:
                if 'onionr' in request.headers['User-Agent'].lower():
                    g.is_onionr_client = True
                else:
                    g.is_onionr_client = False
            except KeyError:
                g.is_onionr_client = False
        @public_api_security_bp.after_app_request
        def send_headers(resp):
@ -44,5 +51,11 @@ class PublicAPISecurity:
            resp = httpheaders.set_default_onionr_http_headers(resp)
            # Network API version
            resp.headers['X-API'] = public_api.API_VERSION
            if g.is_onionr_client:
                del resp.headers['Content-Security-Policy']
                del resp.headers['X-Frame-Options']
                del resp.headers['X-Content-Type-Options']
                print('deleted')
                print(resp.headers)
            public_api.lastRequest = epoch.get_rounded_epoch(roundS=5)
            return resp
--- a/onionr/onionrutils/basicrequests.py
+++ b/onionr/onionrutils/basicrequests.py
@ -33,7 +33,7 @@ def do_post_request(url, data={}, port=0, proxyType='tor', max_size=10000):
        proxies = {'http': 'http://127.0.0.1:4444'}
    else:
        return
-    headers = {'user-agent': 'PyOnionr', 'Connection':'close'}
+    headers = {'User-Agent': 'PyOnionr', 'Connection':'close'}
    try:
        proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)}
        #r = requests.post(url, data=data, headers=headers, proxies=proxies, allow_redirects=False, timeout=(15, 30))
@ -60,7 +60,7 @@ def do_get_request(url, port=0, proxyType='tor', ignoreAPI=False, returnHeaders=
        proxies = {'http': 'http://127.0.0.1:4444'}
    else:
        return
-    headers = {'user-agent': 'PyOnionr', 'Connection':'close'}
+    headers = {'User-Agent': 'PyOnionr', 'Connection':'close'}
    response_headers = dict()
    try:
        proxies = {'http': 'socks4a://127.0.0.1:' + str(port), 'https': 'socks4a://127.0.0.1:' + str(port)}