ref: 90df0ec3e9f20610f08332bc08f8df9d1cfdf090
parent: 2943c008d441d85701adc3e7c17b3b2ade061711
author: Philip Silva <[email protected]>
date: Sat Sep 10 08:28:28 EDT 2022
url file, check cors header in response
--- a/browser/experimental_test.go
+++ b/browser/experimental_test.go
@@ -71,7 +71,7 @@
`throw 'fail';`,
}
fs.SetDOM(nt)
- fs.Update(h, nil, scripts)
+ fs.Update("", h, nil, scripts)
js.Start()
h, _, err = processJS2()
if err != nil {
--- a/browser/fs/fs.go
+++ b/browser/fs/fs.go
@@ -23,9 +23,10 @@
oFS *fs.FS
un string
gn string
+ url string
+ htm string
cssDir *fs.StaticDir
jsDir *fs.StaticDir
- htm string
rt *Node
Client *http.Client
Fetcher opossum.Fetcher
@@ -46,24 +47,40 @@
rt.nt = d
}
+func userGroup() (un, gn string, err error) {
+ u, err := user.Current()
+ if err != nil {
+ return "", "", fmt.Errorf("current user: %w", err)
+ }
+ un = u.Username
+ gn, err = opossum.Group(u)
+ if err != nil {
+ return "", "", fmt.Errorf("group: %v", err)
+ }
+ return
+}
+
func Srv9p() {
c.L.Lock()
var root *fs.StaticDir
- u, err := user.Current()
+ un, gn, err := userGroup()
if err != nil {
log.Errorf("get user: %v", err)
c.L.Unlock()
return
}
- un = u.Username
- gn, err = opossum.Group(u)
- if err != nil {
- log.Errorf("get group: %v", err)
- c.L.Unlock()
- return
- }
oFS, root = fs.NewFS(un, gn, 0500)
+ u := fs.NewDynamicFile(
+ oFS.NewStat("url", un, gn, 0400),
+ func() []byte {
+ mu.RLock()
+ defer mu.RUnlock()
+
+ return []byte(url)
+ },
+ )
+ root.AddChild(u)
h := fs.NewDynamicFile(
oFS.NewStat("html", un, gn, 0400),
func() []byte {
@@ -179,9 +196,6 @@
url.Host = req.Host
if h := url.Host; h == "" {
url.Host = Fetcher.Origin().Host
- } else if !allowed(req.Header, h, Fetcher.Origin().Host) {
- log.Errorf("no cross-origin request: %v", h)
- return
}
url.Scheme = "https"
proxyReq, err := http.NewRequest(req.Method, url.String(), req.Body)
@@ -200,6 +214,10 @@
log.Errorf("do request: %v", err)
return
}
+ if h := url.Host; !allowed(resp.Header, h, Fetcher.Origin().Host) {
+ log.Errorf("no cross-origin request: %v", h)
+ return
+ }
if err := resp.Write(conn); err != nil {
log.Errorf("write response: %v", err)
return
@@ -206,7 +224,7 @@
}
}
-func Update(html string, css []string, js []string) {
+func Update(uri, html string, css []string, js []string) {
c.L.Lock()
defer c.L.Unlock()
@@ -214,6 +232,7 @@
c.Wait()
}
+ url = uri
htm = html
if cssDir != nil {
for name := range cssDir.Children() {
--- a/browser/website.go
+++ b/browser/website.go
@@ -100,7 +100,7 @@
downloads[src] = string(buf)
}
scripts = js.Scripts(nt, downloads)
- fs.Update(htm, csss, scripts)
+ fs.Update(f.Origin().String(), htm, csss, scripts)
fs.SetDOM(nt)
log.Infof("JS pipeline start")
js.Stop()
@@ -157,7 +157,7 @@
w.UI = scroller
}
- fs.Update(htm, csss, scripts)
+ fs.Update(f.Origin().String(), htm, csss, scripts)
fs.SetDOM(nt)
}
--- a/js/js_test.go
+++ b/js/js_test.go
@@ -71,7 +71,7 @@
}
nt := nodes.NewNodeTree(doc, style.Map{}, make(map[*html.Node]style.Map), nil)
fs.SetDOM(nt)
- fs.Update(simpleHTML, nil, []string{string(buf), script})
+ fs.Update("", simpleHTML, nil, []string{string(buf), script})
resHtm, changed, err := Start(string(buf), script)
if err != nil {