author | Micah Lee <micah@micahflee.com> | 2021-11-23 18:44:14 -0800 |
---|---|---|
committer | Micah Lee <micah@micahflee.com> | 2021-11-23 18:44:14 -0800 |
commit | a4985e7029df1d1e3d569dca09fd85afe6402dc8 (patch) | |
tree | a82f3a50c9c377897905b8427468e3a4e352425b /desktop/src | |
parent | 1d0d30458cd10cf4536c616253036c29759ac29d (diff) | |
parent | dbae142a873c0bb326d0b6fa9ab3a4872280fe9b (diff) | |
Support sending a custom Content-Security-Policy header in Website mode
Diffstat (limited to 'desktop/src')
-rw-r--r-- | desktop/src/onionshare/resources/locale/en.json | 5 | ||||
-rw-r--r-- | desktop/src/onionshare/tab/mode/website_mode/__init__.py | 54 |
2 files changed, 56 insertions, 3 deletions
diff --git a/desktop/src/onionshare/resources/locale/en.json b/desktop/src/onionshare/resources/locale/en.json
index d405c702..f8c4cd2b 100644
--- a/desktop/src/onionshare/resources/locale/en.json
+++ b/desktop/src/onionshare/resources/locale/en.json
@@ -203,7 +203,8 @@
 "mode_settings_receive_disable_text_checkbox": "Disable submitting text",
 "mode_settings_receive_disable_files_checkbox": "Disable uploading files",
 "mode_settings_receive_webhook_url_checkbox": "Use notification webhook",
- "mode_settings_website_disable_csp_checkbox": "Don't send Content Security Policy header (allows your website to use third-party resources)",
+ "mode_settings_website_disable_csp_checkbox": "Don't send default Content Security Policy header (allows your website to use third-party resources)",
+ "mode_settings_website_custom_csp_checkbox": "Send a custom Content Security Policy header",
 "gui_all_modes_transfer_finished_range": "Transferred {} - {}",
 "gui_all_modes_transfer_finished": "Transferred {}",
 "gui_all_modes_transfer_canceled_range": "Canceled {} - {}",
@@ -232,4 +233,4 @@
 "moat_captcha_error": "The solution is not correct. Please try again.",
 "moat_solution_empty_error": "You must enter the characters from the image",
 "mode_tor_not_connected_label": "OnionShare is not connected to the Tor network"
-}
\ No newline at end of file
+}
diff --git a/desktop/src/onionshare/tab/mode/website_mode/__init__.py b/desktop/src/onionshare/tab/mode/website_mode/__init__.py
index 73c4bad2..0acbc1a2 100644
--- a/desktop/src/onionshare/tab/mode/website_mode/__init__.py
+++ b/desktop/src/onionshare/tab/mode/website_mode/__init__.py
@@ -49,6 +49,7 @@ class WebsiteMode(Mode):
 self.web = Web(self.common, True, self.settings, "website")
 # Settings
+ # Disable CSP option
 self.disable_csp_checkbox = QtWidgets.QCheckBox()
 self.disable_csp_checkbox.clicked.connect(self.disable_csp_checkbox_clicked)
 self.disable_csp_checkbox.setText(
@@ -63,6 +64,26 @@ class WebsiteMode(Mode):
 self.disable_csp_checkbox
 )
+ # Custom CSP option
+ self.custom_csp_checkbox = QtWidgets.QCheckBox()
+ self.custom_csp_checkbox.clicked.connect(self.custom_csp_checkbox_clicked)
+ self.custom_csp_checkbox.setText(strings._("mode_settings_website_custom_csp_checkbox"))
+ if self.settings.get("website", "custom_csp") and not self.settings.get("website", "disable_csp"):
+ self.custom_csp_checkbox.setCheckState(QtCore.Qt.Checked)
+ else:
+ self.custom_csp_checkbox.setCheckState(QtCore.Qt.Unchecked)
+ self.custom_csp = QtWidgets.QLineEdit()
+ self.custom_csp.setPlaceholderText(
+ "default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; img-src 'self' data:;"
+ )
+ self.custom_csp.editingFinished.connect(self.custom_csp_editing_finished)
+
+ custom_csp_layout = QtWidgets.QHBoxLayout()
+ custom_csp_layout.setContentsMargins(0, 0, 0, 0)
+ custom_csp_layout.addWidget(self.custom_csp_checkbox)
+ custom_csp_layout.addWidget(self.custom_csp)
+ self.mode_settings_widget.mode_specific_layout.addLayout(custom_csp_layout)
+
 # File selection
 self.file_selection = FileSelection(
 self.common,
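Review bot: The custom-CSP checkbox is restored from settings in the second hunk, but the `QLineEdit` beside it only receives a placeholder, so when a tab is reopened with a saved policy the box is checked while the field looks empty and the user cannot see which policy is in effect. Populate the field from the saved value, e.g. `self.custom_csp.setText(self.settings.get("website", "custom_csp") or "")`, assuming the setting holds the policy string. The mutual exclusion that the click handlers enforce with `setEnabled(False)` on the other checkbox is also not applied here at load time, so both boxes start enabled regardless of the saved state. The placeholder is a hard-coded literal; whether it matches the default policy the server actually sends cannot be checked from this hunk, so a short comment naming its source would help keep the two in sync. The enclosing method starts and ends outside the hunk.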
@@ -181,11 +202,42 @@ class WebsiteMode(Mode):
 def disable_csp_checkbox_clicked(self):
 """
- Save disable CSP setting to the tab settings
+ Save disable CSP setting to the tab settings. Uncheck 'custom CSP'
+ setting if disabling CSP altogether.
 """
 self.settings.set(
 "website", "disable_csp", self.disable_csp_checkbox.isChecked()
 )
+ if self.disable_csp_checkbox.isChecked():
+ self.custom_csp_checkbox.setCheckState(QtCore.Qt.Unchecked)
+ self.custom_csp_checkbox.setEnabled(False)
+ else:
+ self.custom_csp_checkbox.setEnabled(True)
+
+ def custom_csp_checkbox_clicked(self):
+ """
+ Uncheck 'disable CSP' setting if custom CSP is used.
+ """
+ if self.custom_csp_checkbox.isChecked():
+ self.disable_csp_checkbox.setCheckState(QtCore.Qt.Unchecked)
+ self.disable_csp_checkbox.setEnabled(False)
+ self.settings.set(
+ "website", "custom_csp", self.custom_csp
+ )
+ else:
+ self.disable_csp_checkbox.setEnabled(True)
+ self.custom_csp.setText("")
+ self.settings.set(
+ "website", "custom_csp", None
+ )
+
+ def custom_csp_editing_finished(self):
+ if self.custom_csp.text().strip() == "":
+ self.custom_csp.setText("")
+ self.settings.set("website", "custom_csp", None)
+ else:
+ custom_csp = self.custom_csp.text()
+ self.settings.set("website", "custom_csp", custom_csp)
 def get_stop_server_autostop_timer_text(self):
 """ |
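Review bot: In `custom_csp_checkbox_clicked`, the checked branch stores the `QLineEdit` widget itself (`self.custom_csp`) under `"website", "custom_csp"` rather than the policy text, whereas `custom_csp_editing_finished` stores `self.custom_csp.text()`. Until the field is edited again the setting holds a widget object, which is always truthy and, depending on how settings are persisted and read by the web side (not shown here), would either fail to serialize or produce a meaningless header value. Store the text and treat an empty field as unset: `self.settings.set("website", "custom_csp", self.custom_csp.text().strip() or None)`. Separately, `custom_csp_editing_finished` saves a policy even when the custom-CSP box is unchecked, and ticking 'disable CSP' unchecks that box but leaves the saved `custom_csp` value in place; gating the save on `self.custom_csp_checkbox.isChecked()` and clearing the setting in `disable_csp_checkbox_clicked` would keep the stored state in line with what the user sees. `custom_csp_editing_finished` also has no docstring, unlike its siblings; something like `"""Save the custom CSP text to the tab settings, or clear it if the field is empty."""` would do.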