From b2e44d41293a3058a2e5c69dd179190e8682ce66 Mon Sep 17 00:00:00 2001 From: Bob Mottram <bob@freedombone.net> Date: Sat, 28 Mar 2020 17:24:40 +0000 Subject: [PATCH] Set host as per calling domain --- daemon.py | 402 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 223 insertions(+), 179 deletions(-) diff --git a/daemon.py b/daemon.py index 62132b7a9..8512c22bf 100644 --- a/daemon.py +++ b/daemon.py @@ -400,54 +400,59 @@ class PubServer(BaseHTTPRequestHandler): return True return False - def _login_headers(self,fileFormat: str,length: int) -> None: + def _login_headers(self,fileFormat: str,length: int, \ + callingDomain: str) -> None: self.send_response(200) self.send_header('Content-type', fileFormat) self.send_header('Content-Length', str(length)) - self.send_header('Host', self.server.domainFull) + self.send_header('Host', callingDomain) self.send_header('WWW-Authenticate', \ 'title="Login to Epicyon", Basic realm="epicyon"') self.send_header('X-Robots-Tag','noindex') self.end_headers() - def _logout_headers(self,fileFormat: str,length: int) -> None: + def _logout_headers(self,fileFormat: str,length: int, \ + callingDomain: str) -> None: self.send_response(200) self.send_header('Content-type', fileFormat) self.send_header('Content-Length', str(length)) self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict') - self.send_header('Host', self.server.domainFull) + self.send_header('Host', callingDomain) self.send_header('WWW-Authenticate', \ 'title="Login to Epicyon", Basic realm="epicyon"') self.send_header('X-Robots-Tag','noindex') self.end_headers() - def _set_headers_base(self,fileFormat: str,length: int,cookie: str) -> None: + def _set_headers_base(self,fileFormat: str,length: int,cookie: str, \ + callingDomain: str) -> None: self.send_response(200) self.send_header('Content-type', fileFormat) if length>-1: self.send_header('Content-Length', str(length)) if cookie: self.send_header('Cookie', cookie) - self.send_header('Host', self.server.domainFull) + self.send_header('Host', callingDomain) self.send_header('InstanceID', self.server.instanceId) self.send_header('X-Robots-Tag','noindex') self.send_header('Cache-Control','public, max-age=0') self.send_header('X-Clacks-Overhead','GNU Natalie Nguyen') self.send_header('Accept-Ranges','none') - def _set_headers(self,fileFormat: str,length: int,cookie: str) -> None: - self._set_headers_base(fileFormat,length,cookie) + def _set_headers(self,fileFormat: str,length: int,cookie: str, \ + callingDomain: str) -> None: + self._set_headers_base(fileFormat,length,cookie,callingDomain) self.end_headers() - def _set_headers_head(self,fileFormat: str,length: int,etag: str) -> None: - self._set_headers_base(fileFormat,length,None) + def _set_headers_head(self,fileFormat: str,length: int,etag: str, \ + callingDomain: str) -> None: + self._set_headers_base(fileFormat,length,None,callingDomain) if etag: self.send_header('ETag',etag) self.end_headers() def _set_headers_etag(self,mediaFilename: str,fileFormat: str, \ - data,cookie: str) -> None: - self._set_headers_base(fileFormat,len(data),cookie) + data,cookie: str,callingDomain: str) -> None: + self._set_headers_base(fileFormat,len(data),cookie,callingDomain) etag=None if os.path.isfile(mediaFilename+'.etag'): try: @@ -466,7 +471,7 @@ class PubServer(BaseHTTPRequestHandler): self.send_header('ETag',etag) self.end_headers() - def _redirect_headers(self,redirect: str,cookie: str) -> None: + def _redirect_headers(self,redirect: str,cookie: str,callingDomain: str) -> None: self.send_response(303) #self.send_header('Content-type', 'text/html') if cookie: @@ -474,14 +479,15 @@ class PubServer(BaseHTTPRequestHandler): if '://' not in redirect: print('REDIRECT ERROR: redirect is not an absolute url '+redirect) self.send_header('Location', redirect) - self.send_header('Host', self.server.domainFull) + self.send_header('Host', callingDomain) self.send_header('InstanceID', self.server.instanceId) self.send_header('Content-Length', '0') self.send_header('X-Robots-Tag','noindex') self.end_headers() def _httpReturnCode(self,httpCode: int,httpDescription: str) -> None: - msg="<html><head></head><body><h1>"+str(httpCode)+" "+httpDescription+"</h1></body></html>" + msg="<html><head></head><body><h1>"+str(httpCode)+" "+ \ + httpDescription+"</h1></body></html>" msg=msg.encode('utf-8') self.send_response(httpCode) self.send_header('Content-Type', 'text/html; charset=utf-8') @@ -525,11 +531,11 @@ class PubServer(BaseHTTPRequestHandler): return False msg='User-agent: *\nDisallow: /' msg=msg.encode('utf-8') - self._set_headers('text/plain; charset=utf-8',len(msg),None) + self._set_headers('text/plain; charset=utf-8',len(msg),None,self.server.domainFull) self._write(msg) return True - def _mastoApi(self) -> bool: + def _mastoApi(self,callingDomain: str) -> bool: """This is a vestigil mastodon API for the purpose of returning an empty result to sites like https://mastopeek.app-dist.eu @@ -557,11 +563,11 @@ class PubServer(BaseHTTPRequestHandler): msg=json.dumps(instanceJson).encode('utf-8') if self.headers.get('Accept'): if 'application/ld+json' in self.headers['Accept']: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) else: - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) else: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) self._write(msg) print('instance metadata sent') return True @@ -574,11 +580,11 @@ class PubServer(BaseHTTPRequestHandler): msg=json.dumps(['mastodon.social',self.server.domainFull]).encode('utf-8') if self.headers.get('Accept'): if 'application/ld+json' in self.headers['Accept']: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) else: - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) else: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) self._write(msg) print('instance peers metadata sent') return True @@ -587,18 +593,18 @@ class PubServer(BaseHTTPRequestHandler): msg=json.dumps([]).encode('utf-8') if self.headers.get('Accept'): if 'application/ld+json' in self.headers['Accept']: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) else: - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) else: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) self._write(msg) print('instance activity metadata sent') return True self._404() return True - def _nodeinfo(self) -> bool: + def _nodeinfo(self,callingDomain: str) -> bool: if not self.path.startswith('/nodeinfo/2.0'): return False if self.server.debug: @@ -608,11 +614,11 @@ class PubServer(BaseHTTPRequestHandler): msg=json.dumps(info).encode('utf-8') if self.headers.get('Accept'): if 'application/ld+json' in self.headers['Accept']: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) else: - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) else: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) self._write(msg) print('nodeinfo sent') return True @@ -638,7 +644,7 @@ class PubServer(BaseHTTPRequestHandler): webfingerMeta('http',self.server.onionDomain) if wfResult: msg=wfResult.encode('utf-8') - self._set_headers('application/xrd+xml',len(msg),None) + self._set_headers('application/xrd+xml',len(msg),None,callingDomain) self._write(msg) return True self._404() @@ -656,11 +662,11 @@ class PubServer(BaseHTTPRequestHandler): msg=json.dumps(wfResult).encode('utf-8') if self.headers.get('Accept'): if 'application/ld+json' in self.headers['Accept']: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) else: - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) else: - self._set_headers('application/ld+json',len(msg),None) + self._set_headers('application/ld+json',len(msg),None,callingDomain) self._write(msg) return True self._404() @@ -674,7 +680,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.port,self.server.debug) if wfResult: msg=json.dumps(wfResult).encode('utf-8') - self._set_headers('application/jrd+json',len(msg),None) + self._set_headers('application/jrd+json',len(msg),None,callingDomain) self._write(msg) else: if self.server.debug: @@ -934,7 +940,7 @@ class PubServer(BaseHTTPRequestHandler): return locatePost(baseDir,nickname,domain,messageId),nickname def do_GET(self): - callingDomain=None + callingDomain=self.server.domainFull if self.headers.get('Host'): callingDomain=self.headers['Host'] if self.server.onionDomain: @@ -967,13 +973,13 @@ class PubServer(BaseHTTPRequestHandler): # Since fediverse crawlers are quite active, make returning info to them high priority # get nodeinfo endpoint - if self._nodeinfo(): + if self._nodeinfo(callingDomain): return self._benchmarkGETtimings(GETstartTime,GETtimings,1) # minimal mastodon api - if self._mastoApi(): + if self._mastoApi(callingDomain): return self._benchmarkGETtimings(GETstartTime,GETtimings,2) @@ -981,7 +987,7 @@ class PubServer(BaseHTTPRequestHandler): if self.path=='/logout': msg=htmlLogin(self.server.translate, \ self.server.baseDir,False).encode('utf-8') - self._logout_headers('text/html',len(msg)) + self._logout_headers('text/html',len(msg),callingDomain) self._write(msg) return @@ -1083,7 +1089,7 @@ class PubServer(BaseHTTPRequestHandler): maxPostsInRSSFeed,1) if msg!=None: msg=msg.encode() - self._set_headers('text/xml',len(msg),cookie) + self._set_headers('text/xml',len(msg),cookie,callingDomain) self._write(msg) return self._404() @@ -1107,7 +1113,7 @@ class PubServer(BaseHTTPRequestHandler): maxPostsInBlogsFeed) if msg!=None: msg=msg.encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) return self._404() @@ -1146,7 +1152,7 @@ class PubServer(BaseHTTPRequestHandler): maxPostsInBlogsFeed,pageNumber) if msg!=None: msg=msg.encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) return self._404() @@ -1194,7 +1200,7 @@ class PubServer(BaseHTTPRequestHandler): xmppAddress,matrixAddress, \ ssbAddress,toxAddress, \ PGPpubKey,emailAddress).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) return if not callingDomain.endswith('.onion') or \ @@ -1202,7 +1208,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStrAbsolute=self.server.httpPrefix+'://'+self.server.domainFull+originPathStr else: originPathStrAbsolute='http://'+self.server.onionDomain+originPathStr - self._redirect_headers(originPathStrAbsolute,cookie) + self._redirect_headers(originPathStrAbsolute,cookie,callingDomain) return # show blog post @@ -1224,7 +1230,7 @@ class PubServer(BaseHTTPRequestHandler): postJsonObject) if msg!=None: msg=msg.encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) return self._404() @@ -1245,9 +1251,9 @@ class PubServer(BaseHTTPRequestHandler): if not msg: if callingDomain.endswith('.onion') and self.server.onionDomain: actor='http://'+self.server.onionDomain+usersPath - self._redirect_headers(actor+'/tlshares',cookie) + self._redirect_headers(actor+'/tlshares',cookie,callingDomain) return - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) return @@ -1257,7 +1263,7 @@ class PubServer(BaseHTTPRequestHandler): msg=htmlTermsOfService(self.server.baseDir, \ self.server.httpPrefix, \ self.server.domainFull).encode() - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) return @@ -1271,7 +1277,7 @@ class PubServer(BaseHTTPRequestHandler): else: msg=htmlAbout(self.server.baseDir,'http', \ self.server.onionDomain).encode() - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) return @@ -1341,7 +1347,7 @@ class PubServer(BaseHTTPRequestHandler): time.sleep(1) tries+=1 msg=css.encode('utf-8') - self._set_headers('text/css',len(msg),cookie) + self._set_headers('text/css',len(msg),cookie,callingDomain) self._write(msg) return self._404() @@ -1370,7 +1376,7 @@ class PubServer(BaseHTTPRequestHandler): time.sleep(1) tries+=1 if mediaBinary: - self._set_headers('image/png',len(mediaBinary),cookie) + self._set_headers('image/png',len(mediaBinary),cookie,callingDomain) self._write(mediaBinary) return self._404() @@ -1395,7 +1401,7 @@ class PubServer(BaseHTTPRequestHandler): time.sleep(1) tries+=1 if mediaBinary: - self._set_headers('image/png',len(mediaBinary),cookie) + self._set_headers('image/png',len(mediaBinary),cookie,callingDomain) self._write(mediaBinary) return self._404() @@ -1420,7 +1426,7 @@ class PubServer(BaseHTTPRequestHandler): time.sleep(1) tries+=1 if mediaBinary: - self._set_headers('image/png',len(mediaBinary),cookie) + self._set_headers('image/png',len(mediaBinary),cookie,callingDomain) self._write(mediaBinary) return self._404() @@ -1448,7 +1454,7 @@ class PubServer(BaseHTTPRequestHandler): mediaImageType='gif' with open(emojiFilename, 'rb') as avFile: mediaBinary=avFile.read() - self._set_headers('image/'+mediaImageType,len(mediaBinary),cookie) + self._set_headers('image/'+mediaImageType,len(mediaBinary),cookie,callingDomain) self._write(mediaBinary) return self._404() @@ -1512,7 +1518,8 @@ class PubServer(BaseHTTPRequestHandler): return with open(mediaFilename, 'rb') as avFile: mediaBinary=avFile.read() - self._set_headers_etag(mediaFilename,mediaFileType,mediaBinary,cookie) + self._set_headers_etag(mediaFilename,mediaFileType, \ + mediaBinary,cookie,callingDomain) self._write(mediaBinary) return self._404() @@ -1542,7 +1549,7 @@ class PubServer(BaseHTTPRequestHandler): mediaFileType='gif' with open(mediaFilename, 'rb') as avFile: mediaBinary=avFile.read() - self._set_headers('image/'+mediaFileType,len(mediaBinary),cookie) + self._set_headers('image/'+mediaFileType,len(mediaBinary),cookie,callingDomain) self._write(mediaBinary) return self._404() @@ -1559,14 +1566,14 @@ class PubServer(BaseHTTPRequestHandler): self.server.baseDir+'/img/icons/'+mediaStr if self.server.iconsCache.get(mediaStr): mediaBinary=self.server.iconsCache[mediaStr] - self._set_headers('image/png',len(mediaBinary),cookie) + self._set_headers('image/png',len(mediaBinary),cookie,callingDomain) self._write(mediaBinary) return else: if os.path.isfile(mediaFilename): with open(mediaFilename, 'rb') as avFile: mediaBinary=avFile.read() - self._set_headers('image/png',len(mediaBinary),cookie) + self._set_headers('image/png',len(mediaBinary),cookie,callingDomain) self._write(mediaBinary) self.server.iconsCache[mediaStr]=mediaBinary return @@ -1584,14 +1591,14 @@ class PubServer(BaseHTTPRequestHandler): with open(mediaFilename, 'rb') as avFile: mediaBinary=avFile.read() if mediaFilename.endswith('.png'): - self._set_headers('image/png',len(mediaBinary),cookie) + self._set_headers('image/png',len(mediaBinary),cookie,callingDomain) elif mediaFilename.endswith('.jpg'): - self._set_headers('image/jpeg',len(mediaBinary),cookie) + self._set_headers('image/jpeg',len(mediaBinary),cookie,callingDomain) elif mediaFilename.endswith('.gif'): - self._set_headers('image/gif',len(mediaBinary),cookie) + self._set_headers('image/gif',len(mediaBinary),cookie,callingDomain) else: # default to jpeg - self._set_headers('image/jpeg',len(mediaBinary),cookie) + self._set_headers('image/jpeg',len(mediaBinary),cookie,callingDomain) #self._404() return self._write(mediaBinary) @@ -1634,7 +1641,8 @@ class PubServer(BaseHTTPRequestHandler): with open(avatarFilename, 'rb') as avFile: mediaBinary=avFile.read() self._set_headers('image/'+mediaImageType, \ - len(mediaBinary),cookie) + len(mediaBinary),cookie, \ + callingDomain) self._write(mediaBinary) return @@ -1674,7 +1682,7 @@ class PubServer(BaseHTTPRequestHandler): # request basic auth msg=htmlLogin(self.server.translate, \ self.server.baseDir).encode('utf-8') - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) self.server.GETbusy=False return @@ -1694,7 +1702,7 @@ class PubServer(BaseHTTPRequestHandler): hashtag=hashtag.split('?page=')[0] if isBlockedHashtag(self.server.baseDir,hashtag): msg=htmlHashtagBlocked(self.server.baseDir).encode('utf-8') - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) self.server.GETbusy=False return @@ -1717,14 +1725,14 @@ class PubServer(BaseHTTPRequestHandler): self.server.projectVersion) if hashtagStr: msg=hashtagStr.encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: originPathStr=self.path.split('/tags/')[0] originPathStrAbsolute=self.server.httpPrefix+'://'+self.server.domainFull+originPathStr if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStrAbsolute='http://'+self.server.onionDomain+originPathStr - self._redirect_headers(originPathStrAbsolute+'/search',cookie) + self._redirect_headers(originPathStrAbsolute+'/search',cookie,callingDomain) self.server.GETbusy=False return @@ -1740,7 +1748,7 @@ class PubServer(BaseHTTPRequestHandler): # show the search screen msg=htmlSearch(self.server.translate, \ self.server.baseDir,self.path).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -1755,7 +1763,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.baseDir,self.path, \ self.server.httpPrefix, \ self.server.domainFull).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -1795,10 +1803,10 @@ class PubServer(BaseHTTPRequestHandler): actor= \ 'http://'+self.server.onionDomain+ \ self.path.split('/eventdelete')[0] - self._redirect_headers(actor+'/calendar',cookie) + self._redirect_headers(actor+'/calendar',cookie,callingDomain) return msg=msg.encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -1812,7 +1820,7 @@ class PubServer(BaseHTTPRequestHandler): msg=htmlSearchEmojiTextEntry(self.server.translate, \ self.server.baseDir, \ self.path).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -1855,7 +1863,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+ \ - '?page='+str(pageNumber),cookie) + '?page='+str(pageNumber),cookie,callingDomain) return if not self.server.session: self.server.session= \ @@ -1887,7 +1895,7 @@ class PubServer(BaseHTTPRequestHandler): actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+'?page='+ \ str(pageNumber)+ \ - timelineBookmark,cookie) + timelineBookmark,cookie,callingDomain) return self._benchmarkGETtimings(GETstartTime,GETtimings,32) @@ -1928,7 +1936,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+'?page='+ \ - str(pageNumber),cookie) + str(pageNumber),cookie,callingDomain) return if not self.server.session: self.server.session= \ @@ -1958,7 +1966,7 @@ class PubServer(BaseHTTPRequestHandler): actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+'?page='+ \ str(pageNumber)+ \ - timelineBookmark,cookie) + timelineBookmark,cookie,callingDomain) return self._benchmarkGETtimings(GETstartTime,GETtimings,33) @@ -1993,7 +2001,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStrAbsolute= \ 'http://'+self.server.onionDomain+originPathStr - self._redirect_headers(originPathStrAbsolute,cookie) + self._redirect_headers(originPathStrAbsolute,cookie,callingDomain) self.server.GETbusy=False return @@ -2024,7 +2032,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.httpPrefix+'://'+self.server.domainFull+originPathStr if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStrAbsolute='http://'+self.server.onionDomain+originPathStr - self._redirect_headers(originPathStrAbsolute,cookie) + self._redirect_headers(originPathStrAbsolute,cookie,callingDomain) self.server.GETbusy=False return @@ -2064,7 +2072,8 @@ class PubServer(BaseHTTPRequestHandler): actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+ \ '?page='+str(pageNumber)+ \ - timelineBookmark,cookie) + timelineBookmark,cookie, \ + callingDomain) return if not self.server.session: self.server.session= \ @@ -2089,7 +2098,8 @@ class PubServer(BaseHTTPRequestHandler): actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+ \ '?page='+str(pageNumber)+ \ - timelineBookmark,cookie) + timelineBookmark,cookie, \ + callingDomain) return self._benchmarkGETtimings(GETstartTime,GETtimings,36) @@ -2126,7 +2136,8 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+ \ - '?page='+str(pageNumber),cookie) + '?page='+str(pageNumber),cookie, \ + callingDomain) return if not self.server.session: self.server.session= \ @@ -2156,7 +2167,8 @@ class PubServer(BaseHTTPRequestHandler): actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+ \ '?page='+str(pageNumber)+ \ - timelineBookmark,cookie) + timelineBookmark,cookie, \ + callingDomain) return self._benchmarkGETtimings(GETstartTime,GETtimings,36) @@ -2194,7 +2206,8 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+ \ - '?page='+str(pageNumber),cookie) + '?page='+str(pageNumber),cookie, \ + callingDomain) return if not self.server.session: self.server.session= \ @@ -2216,7 +2229,8 @@ class PubServer(BaseHTTPRequestHandler): actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+ \ '?page='+str(pageNumber)+ \ - timelineBookmark,cookie) + timelineBookmark,cookie, \ + callingDomain) return # undo a bookmark from the web interface icon @@ -2251,7 +2265,8 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+ \ - '?page='+str(pageNumber),cookie) + '?page='+str(pageNumber),cookie, \ + callingDomain) return if not self.server.session: self.server.session= \ @@ -2278,7 +2293,8 @@ class PubServer(BaseHTTPRequestHandler): actorAbsolute='http://'+self.server.onionDomain+actor self._redirect_headers(actorAbsolute+'/'+timelineStr+ \ '?page='+str(pageNumber)+ \ - timelineBookmark,cookie) + timelineBookmark,cookie, \ + callingDomain) return self._benchmarkGETtimings(GETstartTime,GETtimings,37) @@ -2314,7 +2330,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.GETbusy=False if callingDomain.endswith('.onion') and self.server.onionDomain: actor='http://'+self.server.onionDomain+usersPath - self._redirect_headers(actor+'/'+timelineStr,cookie) + self._redirect_headers(actor+'/'+timelineStr,cookie,callingDomain) return self.postToNickname=getNicknameFromActor(actor) if not self.postToNickname: @@ -2322,7 +2338,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.GETbusy=False if callingDomain.endswith('.onion') and self.server.onionDomain: actor='http://'+self.server.onionDomain+usersPath - self._redirect_headers(actor+'/'+timelineStr,cookie) + self._redirect_headers(actor+'/'+timelineStr,cookie,callingDomain) return if not self.server.session: self.server.session= \ @@ -2337,14 +2353,14 @@ class PubServer(BaseHTTPRequestHandler): __version__,self.server.cachedWebfingers, \ self.server.personCache) if deleteStr: - self._set_headers('text/html',len(deleteStr),cookie) + self._set_headers('text/html',len(deleteStr),cookie,callingDomain) self._write(deleteStr.encode()) self.server.GETbusy=False return self.server.GETbusy=False if callingDomain.endswith('.onion') and self.server.onionDomain: actor='http://'+self.server.onionDomain+usersPath - self._redirect_headers(actor+'/'+timelineStr,cookie) + self._redirect_headers(actor+'/'+timelineStr,cookie,callingDomain) return # mute a post from the web interface icon @@ -2381,7 +2397,8 @@ class PubServer(BaseHTTPRequestHandler): actor= \ 'http://'+self.server.onionDomain+ \ self.path.split('?mute=')[0] - self._redirect_headers(actor+'/'+timelineStr+timelineBookmark,cookie) + self._redirect_headers(actor+'/'+timelineStr+timelineBookmark, \ + cookie,callingDomain) return # unmute a post from the web interface icon @@ -2418,7 +2435,8 @@ class PubServer(BaseHTTPRequestHandler): actor= \ 'http://'+ \ self.server.onionDomain+self.path.split('?unmute=')[0] - self._redirect_headers(actor+'/'+timelineStr+timelineBookmark,cookie) + self._redirect_headers(actor+'/'+timelineStr+timelineBookmark, \ + cookie,callingDomain) return # reply from the web interface icon @@ -2522,7 +2540,7 @@ class PubServer(BaseHTTPRequestHandler): postUrl) if msg: msg=msg.encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -2534,7 +2552,7 @@ class PubServer(BaseHTTPRequestHandler): self.path,self.server.domain, \ self.server.port, \ self.server.httpPrefix).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -2559,7 +2577,7 @@ class PubServer(BaseHTTPRequestHandler): shareDescription, \ replyPageNumber, \ nickname,self.server.domain).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -2609,12 +2627,12 @@ class PubServer(BaseHTTPRequestHandler): authorized,postJsonObject, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: if self._fetchAuthenticated(): msg=json.dumps(postJsonObject,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -2676,13 +2694,13 @@ class PubServer(BaseHTTPRequestHandler): repliesJson, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) print('----------------------------------------------------') self._write(msg) else: if self._fetchAuthenticated(): msg=json.dumps(repliesJson,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -2726,12 +2744,12 @@ class PubServer(BaseHTTPRequestHandler): repliesJson, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: if self._fetchAuthenticated(): msg=json.dumps(repliesJson,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -2773,12 +2791,12 @@ class PubServer(BaseHTTPRequestHandler): self.server.personCache, \ actorJson['roles'], \ None,None).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: if self._fetchAuthenticated(): msg=json.dumps(actorJson['roles'],ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -2819,12 +2837,12 @@ class PubServer(BaseHTTPRequestHandler): self.server.personCache, \ actorJson['skills'], \ None,None).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: if self._fetchAuthenticated(): msg=json.dumps(actorJson['skills'],ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -2834,7 +2852,7 @@ class PubServer(BaseHTTPRequestHandler): actorAbsolute=self.server.httpPrefix+'://'+self.server.domainFull+actor if callingDomain.endswith('.onion') and self.server.onionDomain: actorAbsolute='http://'+self.server.onionDomain+actor - self._redirect_headers(actorAbsolute,cookie) + self._redirect_headers(actorAbsolute,cookie,callingDomain) self.server.GETbusy=False return @@ -2882,12 +2900,12 @@ class PubServer(BaseHTTPRequestHandler): authorized,postJsonObject, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: if self._fetchAuthenticated(): msg=json.dumps(postJsonObject,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -2953,13 +2971,13 @@ class PubServer(BaseHTTPRequestHandler): self.server.allowDeletion, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: # don't need authenticated fetch here because there is # already the authorization check msg=json.dumps(inboxFeed,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -3032,13 +3050,13 @@ class PubServer(BaseHTTPRequestHandler): self.server.allowDeletion, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: # don't need authenticated fetch here because there is # already the authorization check msg=json.dumps(inboxDMFeed,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -3112,13 +3130,13 @@ class PubServer(BaseHTTPRequestHandler): self.server.allowDeletion, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: # don't need authenticated fetch here because there is # already the authorization check msg=json.dumps(inboxRepliesFeed,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -3192,13 +3210,13 @@ class PubServer(BaseHTTPRequestHandler): self.server.allowDeletion, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: # don't need authenticated fetch here because there is # already the authorization check msg=json.dumps(inboxMediaFeed,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -3270,13 +3288,13 @@ class PubServer(BaseHTTPRequestHandler): self.server.allowDeletion, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: # don't need authenticated fetch here because there is # already the authorization check msg=json.dumps(inboxBlogsFeed,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -3325,7 +3343,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.allowDeletion, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -3390,13 +3408,13 @@ class PubServer(BaseHTTPRequestHandler): self.server.allowDeletion, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: # don't need authenticated fetch here because there is # already the authorization check msg=json.dumps(inboxFeed,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -3465,12 +3483,12 @@ class PubServer(BaseHTTPRequestHandler): self.server.allowDeletion, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: if self._fetchAuthenticated(): msg=json.dumps(outboxFeed,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -3534,13 +3552,13 @@ class PubServer(BaseHTTPRequestHandler): True, \ self.server.httpPrefix, \ self.server.projectVersion).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: # don't need authenticated fetch here because there is # already the authorization check msg=json.dumps(moderationFeed,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) self.server.GETbusy=False return @@ -3607,14 +3625,14 @@ class PubServer(BaseHTTPRequestHandler): self.server.personCache, \ shares, \ pageNumber,sharesPerPage).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return else: if self._fetchAuthenticated(): msg=json.dumps(shares,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -3669,14 +3687,14 @@ class PubServer(BaseHTTPRequestHandler): self.server.personCache, \ following, \ pageNumber,followsPerPage).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return else: if self._fetchAuthenticated(): msg=json.dumps(following,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -3730,14 +3748,14 @@ class PubServer(BaseHTTPRequestHandler): self.server.personCache, \ followers, \ pageNumber,followsPerPage).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.GETbusy=False return else: if self._fetchAuthenticated(): msg=json.dumps(followers,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -3771,12 +3789,12 @@ class PubServer(BaseHTTPRequestHandler): self.server.cachedWebfingers, \ self.server.personCache, \ None,None).encode('utf-8') - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) else: if self._fetchAuthenticated(): msg=json.dumps(getPerson,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: self._404() @@ -3808,7 +3826,7 @@ class PubServer(BaseHTTPRequestHandler): content=File.read() contentJson=json.loads(content) msg=json.dumps(contentJson,ensure_ascii=False).encode('utf-8') - self._set_headers('application/json',len(msg),None) + self._set_headers('application/json',len(msg),None,callingDomain) self._write(msg) else: if self.server.debug: @@ -3819,6 +3837,23 @@ class PubServer(BaseHTTPRequestHandler): self._benchmarkGETtimings(GETstartTime,GETtimings,55) def do_HEAD(self): + callingDomain=self.server.domainFull + if self.headers.get('Host'): + callingDomain=self.headers['Host'] + if self.server.onionDomain: + if callingDomain != self.server.domain and \ + callingDomain != self.server.domainFull and \ + callingDomain != self.server.onionDomain: + print('HEAD domain blocked: '+callingDomain) + self._400() + return + else: + if callingDomain != self.server.domain and \ + callingDomain != self.server.domainFull: + print('HEAD domain blocked: '+callingDomain) + self._400() + return + checkPath=self.path etag=None fileLength=-1 @@ -3872,7 +3907,7 @@ class PubServer(BaseHTTPRequestHandler): elif checkPath.endswith('.ogg'): mediaFileType='audio/ogg' - self._set_headers_head(mediaFileType,fileLength,etag) + self._set_headers_head(mediaFileType,fileLength,etag,callingDomain) def _receiveNewPostProcess(self,authorized: bool, \ postType: str,path: str,headers: {}, @@ -4399,7 +4434,7 @@ class PubServer(BaseHTTPRequestHandler): return self.server.lastPOST=currTimePOST - callingDomain=None + callingDomain=self.server.domainFull if self.headers.get('Host'): callingDomain=self.headers['Host'] if self.server.onionDomain: @@ -4487,10 +4522,12 @@ class PubServer(BaseHTTPRequestHandler): self.server.POSTbusy=False if callingDomain.endswith('.onion') and \ self.server.onionDomain: - self._redirect_headers('http://'+self.server.onionDomain+'/login',cookie) + self._redirect_headers('http://'+self.server.onionDomain+'/login', \ + cookie,callingDomain) else: self._redirect_headers(self.server.httpPrefix+'://'+ \ - self.server.domainFull+'/login',cookie) + self.server.domainFull+'/login', \ + cookie,callingDomain) return authHeader=createBasicAuthHeader(loginNickname,loginPassword) if not authorizeBasic(self.server.baseDir,'/users/'+ \ @@ -4502,7 +4539,7 @@ class PubServer(BaseHTTPRequestHandler): else: if isSuspended(self.server.baseDir,loginNickname): msg=htmlSuspended(self.server.baseDir).encode('utf-8') - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -4590,7 +4627,7 @@ class PubServer(BaseHTTPRequestHandler): actorStr= \ 'http://'+self.server.onionDomain+usersPath print('WARN: nickname not found in '+actorStr) - self._redirect_headers(actorStr,cookie) + self._redirect_headers(actorStr,cookie,callingDomain) self.server.POSTbusy=False return length=int(self.headers['Content-length']) @@ -4599,7 +4636,7 @@ class PubServer(BaseHTTPRequestHandler): actorStr= \ 'http://'+self.server.onionDomain+usersPath print('Maximum profile data length exceeded '+str(length)) - self._redirect_headers(actorStr,cookie) + self._redirect_headers(actorStr,cookie,callingDomain) self.server.POSTbusy=False return @@ -5012,7 +5049,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: actorStr= \ 'http://'+self.server.onionDomain+usersPath - self._redirect_headers(actorStr,cookie) + self._redirect_headers(actorStr,cookie,callingDomain) self.server.POSTbusy=False return @@ -5042,7 +5079,7 @@ class PubServer(BaseHTTPRequestHandler): msg=htmlModerationInfo(self.server.translate, \ self.server.baseDir, \ self.server.httpPrefix).encode('utf-8') - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -5131,7 +5168,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: actorStr= \ 'http://'+self.server.onionDomain+usersPath - self._redirect_headers(actorStr+'/moderation',cookie) + self._redirect_headers(actorStr+'/moderation',cookie,callingDomain) self.server.POSTbusy=False return @@ -5166,7 +5203,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: actor='http://'+self.server.onionDomain+usersPath self._redirect_headers(actor+'/'+self.server.defaultTimeline+'?page='+ \ - str(pageNumber),cookie) + str(pageNumber),cookie,callingDomain) self.server.POSTbusy=False return # get the parameters @@ -5189,7 +5226,8 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: actor='http://'+self.server.onionDomain+usersPath self._redirect_headers(actor+'/'+self.server.defaultTimeline+ \ - '?page='+str(pageNumber),cookie) + '?page='+str(pageNumber),cookie, \ + callingDomain) self.server.POSTbusy=False return @@ -5217,7 +5255,8 @@ class PubServer(BaseHTTPRequestHandler): # go back on search screen if callingDomain.endswith('.onion') and self.server.onionDomain: actorStr='http://'+self.server.onionDomain+usersPath - self._redirect_headers(actorStr+'/'+self.server.defaultTimeline,cookie) + self._redirect_headers(actorStr+'/'+self.server.defaultTimeline, \ + cookie,callingDomain) self.server.POSTbusy=False return if 'searchtext=' in searchParams: @@ -5248,7 +5287,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.projectVersion) if hashtagStr: msg=hashtagStr.encode('utf-8') - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -5264,7 +5303,7 @@ class PubServer(BaseHTTPRequestHandler): 64) if skillStr: msg=skillStr.encode('utf-8') - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -5291,14 +5330,14 @@ class PubServer(BaseHTTPRequestHandler): self.server.projectVersion) if profileStr: msg=profileStr.encode('utf-8') - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) self.server.POSTbusy=False return else: if callingDomain.endswith('.onion') and self.server.onionDomain: actorStr='http://'+self.server.onionDomain+usersPath - self._redirect_headers(actorStr+'/search',cookie) + self._redirect_headers(actorStr+'/search',cookie,callingDomain) self.server.POSTbusy=False return elif searchStr.startswith(':') or \ @@ -5315,7 +5354,7 @@ class PubServer(BaseHTTPRequestHandler): searchStr) if emojiStr: msg=emojiStr.encode('utf-8') - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -5331,13 +5370,14 @@ class PubServer(BaseHTTPRequestHandler): actorStr) if sharedItemsStr: msg=sharedItemsStr.encode('utf-8') - self._login_headers('text/html',len(msg)) + self._login_headers('text/html',len(msg),callingDomain) self._write(msg) self.server.POSTbusy=False return if callingDomain.endswith('.onion') and self.server.onionDomain: actorStr='http://'+self.server.onionDomain+usersPath - self._redirect_headers(actorStr+'/'+self.server.defaultTimeline,cookie) + self._redirect_headers(actorStr+'/'+self.server.defaultTimeline, \ + cookie,callingDomain) self.server.POSTbusy=False return @@ -5367,7 +5407,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStr= \ 'http://'+self.server.onionDomain+usersPath - self._redirect_headers(originPathStr+'/tlshares',cookie) + self._redirect_headers(originPathStr+'/tlshares',cookie,callingDomain) self.server.POSTbusy=False return @@ -5428,10 +5468,10 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStr='http://'+self.server.onionDomain+usersPath if pageNumber==1: - self._redirect_headers(originPathStr+'/outbox',cookie) + self._redirect_headers(originPathStr+'/outbox',cookie,callingDomain) else: self._redirect_headers(originPathStr+'/outbox?page='+ \ - str(pageNumber),cookie) + str(pageNumber),cookie,callingDomain) self.server.POSTbusy=False return @@ -5450,7 +5490,7 @@ class PubServer(BaseHTTPRequestHandler): followConfirmParams.replace('%3A',':').replace('%2F','/').split('actor=')[1] if '&' in followingActor: followingActor=followingActor.split('&')[0] - self._redirect_headers(followingActor,cookie) + self._redirect_headers(followingActor,cookie,callingDomain) self.server.POSTbusy=False return if '&submitYes=' in followConfirmParams: @@ -5487,7 +5527,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStr= \ 'http://'+self.server.onionDomain+usersPath - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return @@ -5540,7 +5580,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStr= \ 'http://'+self.server.onionDomain+usersPath - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return @@ -5557,7 +5597,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStr= \ 'http://'+self.server.onionDomain+usersPath print('WARN: unable to find nickname in '+originPathStr) - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return length=int(self.headers['Content-length']) @@ -5573,7 +5613,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStr= \ 'http://'+self.server.onionDomain+usersPath print('WARN: unable to find nickname in '+blockingActor) - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return blockingDomain,blockingPort=getDomainFromActor(blockingActor) @@ -5596,7 +5636,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStr= \ 'http://'+self.server.onionDomain+usersPath - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return @@ -5613,7 +5653,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStr= \ 'http://'+self.server.onionDomain+usersPath print('WARN: unable to find nickname in '+originPathStr) - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return length=int(self.headers['Content-length']) @@ -5629,7 +5669,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStr= \ 'http://'+self.server.onionDomain+usersPath print('WARN: unable to find nickname in '+blockingActor) - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return blockingDomain,blockingPort= \ @@ -5655,7 +5695,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStr= \ 'http://'+self.server.onionDomain+usersPath - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return @@ -5675,7 +5715,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStr= \ 'http://'+self.server.onionDomain+usersPath print('WARN: unable to find nickname in '+originPathStr) - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return length=int(self.headers['Content-length']) @@ -5709,7 +5749,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStr= \ 'http://'+self.server.onionDomain+usersPath print('WARN: unable to find nickname in '+optionsActor) - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return optionsDomain,optionsPort=getDomainFromActor(optionsActor) @@ -5727,7 +5767,7 @@ class PubServer(BaseHTTPRequestHandler): if '&submitView=' in optionsConfirmParams: if self.server.debug: print('Viewing '+optionsActor) - self._redirect_headers(optionsActor,cookie) + self._redirect_headers(optionsActor,cookie,callingDomain) self.server.POSTbusy=False return if '&submitBlock=' in optionsConfirmParams: @@ -5745,7 +5785,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStr, \ optionsActor, \ optionsAvatarUrl).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -5757,7 +5797,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStr, \ optionsActor, \ optionsAvatarUrl).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -5769,7 +5809,7 @@ class PubServer(BaseHTTPRequestHandler): originPathStr, \ optionsActor, \ optionsAvatarUrl).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -5784,7 +5824,7 @@ class PubServer(BaseHTTPRequestHandler): [optionsActor],None, \ pageNumber, \ chooserNickname,self.server.domain).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -5802,7 +5842,8 @@ class PubServer(BaseHTTPRequestHandler): 'http://'+self.server.onionDomain+usersPath self._redirect_headers(thisActor+ \ '/'+self.server.defaultTimeline+ \ - '?page='+str(pageNumber),cookie) + '?page='+str(pageNumber),cookie, \ + callingDomain) self.server.POSTbusy=False return if '&submitUnSnooze=' in optionsConfirmParams: @@ -5819,7 +5860,8 @@ class PubServer(BaseHTTPRequestHandler): 'http://'+self.server.onionDomain+usersPath self._redirect_headers(thisActor+ \ '/'+self.server.defaultTimeline+ \ - '?page='+str(pageNumber),cookie) + '?page='+str(pageNumber),cookie, \ + callingDomain) self.server.POSTbusy=False return if '&submitReport=' in optionsConfirmParams: @@ -5832,7 +5874,7 @@ class PubServer(BaseHTTPRequestHandler): reportPath,None,[], \ postUrl,pageNumber, \ chooserNickname,self.server.domain).encode() - self._set_headers('text/html',len(msg),cookie) + self._set_headers('text/html',len(msg),cookie,callingDomain) self._write(msg) self.server.POSTbusy=False return @@ -5840,7 +5882,7 @@ class PubServer(BaseHTTPRequestHandler): if callingDomain.endswith('.onion') and self.server.onionDomain: originPathStr= \ 'http://'+self.server.onionDomain+usersPath - self._redirect_headers(originPathStr,cookie) + self._redirect_headers(originPathStr,cookie,callingDomain) self.server.POSTbusy=False return @@ -5865,12 +5907,14 @@ class PubServer(BaseHTTPRequestHandler): self._redirect_headers(self.server.httpPrefix+'://'+self.server.domainFull+ \ '/users/'+nickname+ \ '/'+postRedirect+ \ - '?page='+str(pageNumber),cookie) + '?page='+str(pageNumber),cookie, \ + callingDomain) else: self._redirect_headers('http://'+self.server.onionDomain+ \ '/users/'+nickname+ \ '/'+postRedirect+ \ - '?page='+str(pageNumber),cookie) + '?page='+str(pageNumber),cookie, \ + callingDomain) self.server.POSTbusy=False return