Fix non-local .html testing

Damien Elmes 2023-12-08 12:43:09 +10:00
parent 29e98721b5
commit b103e09a5e


@ -289,9 +289,10 @@ def handle_request(pathin: str) -> Response:
allowed_prefixes = ("127.0.0.1:", "localhost:", "[::1]:")
if not any(host.startswith(prefix) for prefix in allowed_prefixes):
# while we only bind to localhost, this request may have come from a local browser
# via a DNS rebinding attack
print("deny non-local host", host)
abort(403)
# via a DNS rebinding attack; deny it unless we're doing non-local testing
if os.environ.get("ANKI_API_HOST") != "0.0.0.0":
print("deny non-local host", host)
abort(403)
req = _extract_request(pathin)
if dev_mode:
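Review bot: The new `ANKI_API_HOST` test switches the Host-header check off entirely whenever the variable equals `0.0.0.0`, so in that configuration the DNS-rebinding protection described in the comment above applies to no request at all, not only to the .html test pages named in the commit title. That combination (listening on all interfaces and accepting any Host value) is the weakest setting this handler has, and nothing at the check says it is meant for testing only. I would document it in place, e.g. `# NOTE: ANKI_API_HOST=0.0.0.0 disables the Host check and with it DNS-rebinding protection; for testing only`, and consider narrowing the bypass, for instance to `if not dev_mode or os.environ.get("ANKI_API_HOST") != "0.0.0.0":`, if non-local testing is always run in dev mode (I can't confirm that from this hunk). The comparison is also an exact string match, so any other non-local bind value is still denied; that fails safe, but is worth stating in the comment. handle_request starts before and continues past this hunk.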