diff options
author | Micah Lee <micah@micahflee.com> | 2021-11-23 18:44:14 -0800 |
---|---|---|
committer | Micah Lee <micah@micahflee.com> | 2021-11-23 18:44:14 -0800 |
commit | a4985e7029df1d1e3d569dca09fd85afe6402dc8 (patch) | |
tree | a82f3a50c9c377897905b8427468e3a4e352425b /cli/onionshare_cli/__init__.py | |
parent | 1d0d30458cd10cf4536c616253036c29759ac29d (diff) | |
parent | dbae142a873c0bb326d0b6fa9ab3a4872280fe9b (diff) | |
download | onionshare-a4985e7029df1d1e3d569dca09fd85afe6402dc8.tar.gz onionshare-a4985e7029df1d1e3d569dca09fd85afe6402dc8.zip |
Support sending a custom Content-Security-Policy header in Website mode
Diffstat (limited to 'cli/onionshare_cli/__init__.py')
-rw-r--r-- | cli/onionshare_cli/__init__.py | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/cli/onionshare_cli/__init__.py b/cli/onionshare_cli/__init__.py index 060c5628..ded67ed6 100644 --- a/cli/onionshare_cli/__init__.py +++ b/cli/onionshare_cli/__init__.py @@ -150,7 +150,13 @@ def main(cwd=None): action="store_true", dest="disable_csp", default=False, - help="Publish website: Disable Content Security Policy header (allows your website to use third-party resources)", + help="Publish website: Disable the default Content Security Policy header (allows your website to use third-party resources)", + ) + parser.add_argument( + "--custom_csp", + metavar="custom_csp", + default=None, + help="Publish website: Set a custom Content Security Policy header", ) # Other parser.add_argument( @@ -189,6 +195,7 @@ def main(cwd=None): disable_text = args.disable_text disable_files = args.disable_files disable_csp = bool(args.disable_csp) + custom_csp = args.custom_csp verbose = bool(args.verbose) # Verbose mode? @@ -234,7 +241,15 @@ def main(cwd=None): mode_settings.set("receive", "disable_text", disable_text) mode_settings.set("receive", "disable_files", disable_files) if mode == "website": - mode_settings.set("website", "disable_csp", disable_csp) + if disable_csp and custom_csp: + print("You cannot disable the CSP and set a custom one. Either set --disable-csp or --custom-csp but not both.") + sys.exit() + if disable_csp: + mode_settings.set("website", "disable_csp", True) + mode_settings.set("website", "custom_csp", None) + if custom_csp: + mode_settings.set("website", "custom_csp", custom_csp) + mode_settings.set("website", "disable_csp", False) else: # See what the persistent mode was mode = mode_settings.get("persistent", "mode") |