Rev3354, Fix ajax loading files from archives

2018-03-09 15:01:45 +01:00 · 2018-03-09 15:01:45 +01:00 · 738fd1a09b
parent 645249afa9
commit 738fd1a09b
3 changed files with 15 additions and 6 deletions
--- a/plugins/FilePack/FilePackPlugin.py
+++ b/plugins/FilePack/FilePackPlugin.py
@ -58,10 +58,18 @@ class UiRequestPlugin(object):
                site.updateWebsocket(file_done=site.storage.getInnerPath(file_path))
                if not result:
                    return self.error404(path)
+
+            if self.get.get("ajax_key"):
+                requester_site = self.server.site_manager.get(path_parts["request_address"])
+                if self.get["ajax_key"] == requester_site.settings["ajax_key"]:
+                    header_allow_ajax = True
+                else:
+                    return self.error403("Invalid ajax_key")
+
            try:
                file = openArchiveFile(archive_path, path_within)
                content_type = self.getContentType(file_path)
-                self.sendHeader(200, content_type=content_type, noscript=kwargs.get("header_noscript", False))
+                self.sendHeader(200, content_type=content_type, noscript=kwargs.get("header_noscript", False), allow_ajax=header_allow_ajax)
                return self.streamFile(file)
            except Exception as err:
                self.log.debug("Error opening archive file: %s" % err)
--- a/src/Config.py
+++ b/src/Config.py
@ -10,7 +10,7 @@ class Config(object):

    def __init__(self, argv):
        self.version = "0.6.2"
-        self.rev = 3353
+        self.rev = 3354
        self.argv = argv
        self.action = None
        self.config_file = "zeronet.conf"
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@ -204,7 +204,7 @@ class UiRequest(object):
            return referer

    # Send response headers
-    def sendHeader(self, status=200, content_type="text/html", noscript=False, extra_headers=[]):
+    def sendHeader(self, status=200, content_type="text/html", noscript=False, allow_ajax=False, extra_headers=[]):
        headers = {}
        headers["Version"] = "HTTP/1.1"
        headers["Connection"] = "Keep-Alive"
@ -216,6 +216,9 @@ class UiRequest(object):
        if noscript:
            headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src 'self'; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline';"

+        if allow_ajax:
+            headers["Access-Control-Allow-Origin"] = "null"
+
        if self.env["REQUEST_METHOD"] == "OPTIONS":
            # Allow json access
            headers["Access-Control-Allow-Headers"] = "Origin, X-Requested-With, Content-Type, Accept, Cookie, Range"
@ -569,9 +572,7 @@ class UiRequest(object):
                    status = 206
                else:
                    status = 200
-                if header_allow_ajax:
-                    extra_headers["Access-Control-Allow-Origin"] = "null"
-                self.sendHeader(status, content_type=content_type, noscript=header_noscript, extra_headers=extra_headers)
+                self.sendHeader(status, content_type=content_type, noscript=header_noscript, allow_ajax=header_allow_ajax, extra_headers=extra_headers)
            if self.env["REQUEST_METHOD"] != "OPTIONS":
                if not file_obj:
                    file_obj = open(file_path, "rb")