diff --git a/daemon.py b/daemon.py
index e9161bf9a..19d2b8dba 100644
--- a/daemon.py
+++ b/daemon.py
@@ -17,6 +17,7 @@ from socket import error as SocketError
 import errno
 from functools import partial
 import pyqrcode
+import idna
 # for saving images
 from hashlib import sha256
 from hashlib import sha1
@@ -9875,7 +9876,9 @@ class PubServer(BaseHTTPRequestHandler):
 def do_GET(self):
 callingDomain = self.server.domainFull
 if self.headers.get('Host'):
- callingDomain = self.headers['Host']
+ # IDNA decoding is an idempotent operation so this should not break 'normal' domains.
+ # For non-IDNA domains perhaps this behaviour should be disabled: TODO add config option?
+ callingDomain = idna.decode(self.headers['Host'])
 if self.server.onionDomain:
 if callingDomain != self.server.domain and \
 callingDomain != self.server.domainFull and \
@@ -12034,7 +12037,8 @@ class PubServer(BaseHTTPRequestHandler):
 def do_HEAD(self):
 callingDomain = self.server.domainFull
 if self.headers.get('Host'):
- callingDomain = self.headers['Host']
+ # As in the GET handler this should be idempotent but for security maybe make configurable.
+ callingDomain = idna.decode(self.headers['Host'])
 if self.server.onionDomain:
 if callingDomain != self.server.domain and \
 callingDomain != self.server.domainFull and \
@@ -12985,7 +12989,8 @@ class PubServer(BaseHTTPRequestHandler):
 callingDomain = self.server.domainFull
 if self.headers.get('Host'):
- callingDomain = self.headers['Host']
+ # As notes in the GET handler, this should be idempotent but should be configurable just in case
+ callingDomain = idna.decode(self.headers['Host'])
 if self.server.onionDomain:
 if callingDomain != self.server.domain and \
 callingDomain != self.server.domainFull and \
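Review bot: `idna.decode(self.headers['Host'])` in do_GET runs on a client-controlled header with no error handling, and the same line is repeated in the do_HEAD hunk and in the last hunk, whose enclosing handler starts outside the hunk. The idna package raises `idna.IDNAError` for labels it rejects, which as far as I know includes a `host:port` value, so a request that used to be compared as-is can now abort the handler with an unhandled exception before the domain comparison below is reached. The comment's claim that decoding cannot break 'normal' domains does not hold for those inputs. I would catch the error and fall back to the raw header so the existing comparison still decides, ideally in one shared helper rather than three copies. It is also worth confirming that `self.server.domain` and `domainFull` are stored in the same Unicode form as the decoded value, since comparing both sides in ASCII A-label form is the usual way to avoid look-alike ambiguity.

```python
if self.headers.get('Host'):
    hostHeader = self.headers['Host']
    try:
        callingDomain = idna.decode(hostHeader)
    except UnicodeError:
        # idna.IDNAError derives from UnicodeError; keep the raw header
        # so the domain comparison below still decides on this request
        callingDomain = hostHeader
# … unchanged: onionDomain / domain comparison …
```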