diff options
author | Miguel Jacq <mig@mig5.net> | 2021-11-08 16:31:05 +1100 |
---|---|---|
committer | Miguel Jacq <mig@mig5.net> | 2021-11-08 16:31:05 +1100 |
commit | 627c185fcb3c369f291b285910421d9cdcbf2f86 (patch) | |
tree | 35f2e3883466b684bbeb0b5b072c86e606ceabff /cli/onionshare_cli/__init__.py | |
parent | 1b259a208d29c2c8e8eae1d2f1fe28e59eed769b (diff) | |
download | onionshare-627c185fcb3c369f291b285910421d9cdcbf2f86.tar.gz onionshare-627c185fcb3c369f291b285910421d9cdcbf2f86.zip |
Support sending a custom Content-Security-Policy header in Website mode
Diffstat (limited to 'cli/onionshare_cli/__init__.py')
-rw-r--r-- | cli/onionshare_cli/__init__.py | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/cli/onionshare_cli/__init__.py b/cli/onionshare_cli/__init__.py index 4bc00929..4041c5ea 100644 --- a/cli/onionshare_cli/__init__.py +++ b/cli/onionshare_cli/__init__.py @@ -160,7 +160,13 @@ def main(cwd=None): action="store_true", dest="disable_csp", default=False, - help="Publish website: Disable Content Security Policy header (allows your website to use third-party resources)", + help="Publish website: Disable the default Content Security Policy header (allows your website to use third-party resources)", + ) + parser.add_argument( + "--custom_csp", + metavar="custom_csp", + default=None, + help="Publish website: Set a custom Content Security Policy header", ) # Other parser.add_argument( @@ -199,6 +205,7 @@ def main(cwd=None): disable_text = args.disable_text disable_files = args.disable_files disable_csp = bool(args.disable_csp) + custom_csp = args.custom_csp verbose = bool(args.verbose) # Verbose mode? @@ -244,7 +251,15 @@ def main(cwd=None): mode_settings.set("receive", "disable_text", disable_text) mode_settings.set("receive", "disable_files", disable_files) if mode == "website": - mode_settings.set("website", "disable_csp", disable_csp) + if disable_csp and custom_csp: + print("You cannot disable the CSP and set a custom one. Either set --disable-csp or --custom-csp but not both.") + sys.exit() + if disable_csp: + mode_settings.set("website", "disable_csp", True) + mode_settings.set("website", "custom_csp", None) + if custom_csp: + mode_settings.set("website", "custom_csp", custom_csp) + mode_settings.set("website", "disable_csp", False) else: # See what the persistent mode was mode = mode_settings.get("persistent", "mode") |