From 738fd1a09b4d3a45f7514dede0720b533577027e Mon Sep 17 00:00:00 2001 From: shortcutme Date: Fri, 9 Mar 2018 15:01:45 +0100 Subject: [PATCH] Rev3354, Fix ajax loading files from archives --- plugins/FilePack/FilePackPlugin.py | 10 +++++++++- src/Config.py | 2 +- src/Ui/UiRequest.py | 9 +++++---- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/plugins/FilePack/FilePackPlugin.py b/plugins/FilePack/FilePackPlugin.py index 778aa39f..a3cda1ab 100644 --- a/plugins/FilePack/FilePackPlugin.py +++ b/plugins/FilePack/FilePackPlugin.py @@ -58,10 +58,18 @@ class UiRequestPlugin(object): site.updateWebsocket(file_done=site.storage.getInnerPath(file_path)) if not result: return self.error404(path) + + if self.get.get("ajax_key"): + requester_site = self.server.site_manager.get(path_parts["request_address"]) + if self.get["ajax_key"] == requester_site.settings["ajax_key"]: + header_allow_ajax = True + else: + return self.error403("Invalid ajax_key") + try: file = openArchiveFile(archive_path, path_within) content_type = self.getContentType(file_path) - self.sendHeader(200, content_type=content_type, noscript=kwargs.get("header_noscript", False)) + self.sendHeader(200, content_type=content_type, noscript=kwargs.get("header_noscript", False), allow_ajax=header_allow_ajax) return self.streamFile(file) except Exception as err: self.log.debug("Error opening archive file: %s" % err) diff --git a/src/Config.py b/src/Config.py index 9afdc4ba..0a58ac72 100644 --- a/src/Config.py +++ b/src/Config.py @@ -10,7 +10,7 @@ class Config(object): def __init__(self, argv): self.version = "0.6.2" - self.rev = 3353 + self.rev = 3354 self.argv = argv self.action = None self.config_file = "zeronet.conf" diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py index 58ea6aca..991dd264 100644 --- a/src/Ui/UiRequest.py +++ b/src/Ui/UiRequest.py @@ -204,7 +204,7 @@ class UiRequest(object): return referer # Send response headers - def sendHeader(self, status=200, content_type="text/html", noscript=False, extra_headers=[]): + def sendHeader(self, status=200, content_type="text/html", noscript=False, allow_ajax=False, extra_headers=[]): headers = {} headers["Version"] = "HTTP/1.1" headers["Connection"] = "Keep-Alive" @@ -216,6 +216,9 @@ class UiRequest(object): if noscript: headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src 'self'; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline';" + if allow_ajax: + headers["Access-Control-Allow-Origin"] = "null" + if self.env["REQUEST_METHOD"] == "OPTIONS": # Allow json access headers["Access-Control-Allow-Headers"] = "Origin, X-Requested-With, Content-Type, Accept, Cookie, Range" @@ -569,9 +572,7 @@ class UiRequest(object): status = 206 else: status = 200 - if header_allow_ajax: - extra_headers["Access-Control-Allow-Origin"] = "null" - self.sendHeader(status, content_type=content_type, noscript=header_noscript, extra_headers=extra_headers) + self.sendHeader(status, content_type=content_type, noscript=header_noscript, allow_ajax=header_allow_ajax, extra_headers=extra_headers) if self.env["REQUEST_METHOD"] != "OPTIONS": if not file_obj: file_obj = open(file_path, "rb")