indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

More general test for authorized paths

merge-requests/30/head
Bob Mottram 2021-06-07 20:33:54 +01:00
parent f1e3a2591c
commit 4899fdea28
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
daemon.py
View File

@ -1264,13 +1264,13 @@ class PubServer(BaseHTTPRequestHandler):
def _isAuthorized(self) -> bool: def _isAuthorized(self) -> bool:
self.authorizedNickname = None self.authorizedNickname = None
if self.path.startswith('/icons/') or \ notAuthPaths = (
self.path.startswith('/avatars/') or \ '/icons/', '/avatars/', '/favicon.ico', '/newswire.xml',
self.path.startswith('/favicon.ico') or \ '/newswire_favicon.ico', '/categories.xml'
self.path.startswith('/newswire_favicon.ico') or \ )
self.path.startswith('/categories.xml') or \ for notAuthStr in notAuthPaths:
self.path.startswith('/newswire.xml'): if self.path.startswith(notAuthStr):
return False return False
# token based authenticated used by the web interface # token based authenticated used by the web interface
if self.headers.get('Cookie'): if self.headers.get('Cookie'):