diff --git a/daemon.py b/daemon.py index bae485674..b0e2cc084 100644 --- a/daemon.py +++ b/daemon.py @@ -17,6 +17,7 @@ from socket import error as SocketError import errno from functools import partial import pyqrcode +import idna # for saving images from hashlib import sha256 from hashlib import sha1 @@ -9759,7 +9760,9 @@ class PubServer(BaseHTTPRequestHandler): def do_GET(self): callingDomain = self.server.domainFull if self.headers.get('Host'): - callingDomain = self.headers['Host'] + # IDNA decoding is an idempotent operation so this should not break 'normal' domains. + # For non-IDNA domains perhaps this behaviour should be disabled: TODO add config option? + callingDomain = idna.decode(self.headers['Host']) if self.server.onionDomain: if callingDomain != self.server.domain and \ callingDomain != self.server.domainFull and \ @@ -11908,7 +11911,8 @@ class PubServer(BaseHTTPRequestHandler): def do_HEAD(self): callingDomain = self.server.domainFull if self.headers.get('Host'): - callingDomain = self.headers['Host'] + # As in the GET handler this should be idempotent but for security maybe make configurable. + callingDomain = idna.decode(self.headers['Host']) if self.server.onionDomain: if callingDomain != self.server.domain and \ callingDomain != self.server.domainFull and \ @@ -12842,7 +12846,8 @@ class PubServer(BaseHTTPRequestHandler): callingDomain = self.server.domainFull if self.headers.get('Host'): - callingDomain = self.headers['Host'] + # As notes in the GET handler, this should be idempotent but should be configurable just in case + callingDomain = idna.decode(self.headers['Host']) if self.server.onionDomain: if callingDomain != self.server.domain and \ callingDomain != self.server.domainFull and \