author | Miguel Jacq <mig@mig5.net> | 2021-05-10 11:23:44 +1000 |
---|---|---|
committer | Miguel Jacq <mig@mig5.net> | 2021-05-10 11:23:44 +1000 |
commit | 2618e89eda600184fb6f640d00528d7fc642bf60 (patch) | |
tree | 12d098596f96b2e021bd353a3f7868f82554c0da /cli/onionshare_cli/web/web.py | |
parent | e067fc2963fb86afb4e51d816dea13f701cff70d (diff) | |
Register the 405 error handler properly. Enforce the appropriate methods for each route (GET or POST only, with OPTIONS disabled). Add tests for invalid methods. Add a friendlier 500 internal server error handler
Diffstat (limited to 'cli/onionshare_cli/web/web.py')
-rw-r--r-- | cli/onionshare_cli/web/web.py | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/cli/onionshare_cli/web/web.py b/cli/onionshare_cli/web/web.py index d88a7e4e..f190d94d 100644 --- a/cli/onionshare_cli/web/web.py +++ b/cli/onionshare_cli/web/web.py @@ -229,6 +229,20 @@ class Web: mode.cur_history_id += 1 return self.error404(history_id) + @self.app.errorhandler(405) + def method_not_allowed(e): + mode = self.get_mode() + history_id = mode.cur_history_id + mode.cur_history_id += 1 + return self.error405(history_id) + + @self.app.errorhandler(500) + def method_not_allowed(e): + mode = self.get_mode() + history_id = mode.cur_history_id + mode.cur_history_id += 1 + return self.error500(history_id) + @self.app.route("/<password_candidate>/shutdown") def shutdown(password_candidate): """ @@ -305,6 +319,19 @@ class Web: ) return self.add_security_headers(r) + def error500(self, history_id): + self.add_request( + self.REQUEST_INDIVIDUAL_FILE_STARTED, + request.path, + {"id": history_id, "status_code": 500}, + ) + + self.add_request(Web.REQUEST_OTHER, request.path) + r = make_response( + render_template("500.html", static_url_path=self.static_url_path), 405 + ) + return self.add_security_headers(r) + def add_security_headers(self, r): """ Add security headers to a request |
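Review bot: The 500 handler added in the first hunk reuses the name `method_not_allowed`, which the 405 handler just above it already uses. Flask registers each function when its decorator runs, so both handlers should still be installed, but the second definition rebinds the local name and the 500 path then appears under a misleading name in tracebacks and logs. Rename it, for example `def internal_server_error(e):`. The enclosing method of `Web` starts and ends outside the hunk.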
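Review bot: `error500` in the second hunk returns its page with status 405: the tuple passed to `make_response` ends in `405`, while the history entry a few lines earlier records `"status_code": 500`. Clients and any monitoring keyed on the status line will see "method not allowed" for what is an internal error, so the line should read `render_template("500.html", static_url_path=self.static_url_path), 500`. The event type `REQUEST_INDIVIDUAL_FILE_STARTED` looks carried over from another error method; confirm it is the intended event for a failed request. The method also has no docstring; something like `"""Render the 500 page and record the failed request in the history."""` would match `add_security_headers` below it.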