Diffstat (limited to 'onionshare/web.py')
-rw-r--r-- | onionshare/web.py | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/onionshare/web.py b/onionshare/web.py index 103ddb1f..d16ca251 100644 --- a/onionshare/web.py +++ b/onionshare/web.py @@ -26,6 +26,7 @@ import queue import socket import sys import tempfile +import base64 from distutils.version import LooseVersion as Version from urllib.request import urlopen @@ -58,7 +59,7 @@ zip_filename = None zip_filesize = None security_headers = [ - ('Content-Security-Policy', 'default-src \'self\'; style-src \'unsafe-inline\'; img-src \'self\' data:;'), + ('Content-Security-Policy', 'default-src \'self\'; style-src \'unsafe-inline\'; script-src \'unsafe-inline\'; img-src \'self\' data:;'), ('X-Frame-Options', 'DENY'), ('X-Xss-Protection', '1; mode=block'), ('X-Content-Type-Options', 'nosniff'), @@ -125,6 +126,12 @@ def add_request(request_type, path, data=None): }) +# Load and base64 encode images to pass into templates +favicon_b64 = base64.b64encode(open(common.get_resource_path('images/favicon.ico'), 'rb').read()).decode() +logo_b64 = base64.b64encode(open(common.get_resource_path('images/logo.png'), 'rb').read()).decode() +folder_b64 = base64.b64encode(open(common.get_resource_path('images/web_folder.png'), 'rb').read()).decode() +file_b64 = base64.b64encode(open(common.get_resource_path('images/web_file.png'), 'rb').read()).decode() + slug = None @@ -206,7 +213,10 @@ def index(slug_candidate): global stay_open, download_in_progress deny_download = not stay_open and download_in_progress if deny_download: - r = make_response(render_template_string(open(common.get_resource_path('html/denied.html')).read())) + r = make_response(render_template_string( + open(common.get_resource_path('html/denied.html')).read(), + favicon_b64=favicon_b64 + )) for header, value in security_headers: r.headers.set(header, value) return r 
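Review bot: Adding `script-src 'unsafe-inline'` to `security_headers` (hunk at -58) lets any inline script run on every response that carries these headers, which removes most of what the policy did against markup injection. The index() hunk at -215 passes `file_info` and `filename=os.path.basename(zip_filename)` into `render_template_string`, so if those values come from shared file names (presumably they do), blocking script execution would rest on template escaping alone. If the templates need script, a narrower source keeps the protection: serve it as a static file covered by `script-src 'self'`, or allow one inline block with `script-src 'nonce-<per-response value>'`. The templates are not part of this diff, so which script actually has to run is not visible here.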
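Review bot: The four module-level `open(...).read()` calls added in the hunk at -125 never close their file handles, and they run at import time, so a missing or unreadable image fails the import of the whole module instead of a single request. A small helper that reads under `with` closes each handle and removes the fourfold repetition. The existing comment could also say how the templates consume these values; the `data:` entry in `img-src` suggests data URIs, but that is inferred, since the templates are not shown.

```python
def load_b64(resource):
    """Return the named resource file's contents, base64-encoded as text."""
    with open(common.get_resource_path(resource), 'rb') as f:
        return base64.b64encode(f.read()).decode()

favicon_b64 = load_b64('images/favicon.ico')
logo_b64 = load_b64('images/logo.png')
folder_b64 = load_b64('images/web_folder.png')
file_b64 = load_b64('images/web_file.png')
```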
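Review bot: The denied-page block in index() (hunk at -206) is now repeated line for line in download() (hunk at -243) and, with a 404 status, in page_not_found() (hunk at -357), and each copy reads its template through a bare `open(...).read()` that leaves the handle to the garbage collector on every request. One helper that reads the template under `with`, passes `favicon_b64` and applies `security_headers` would keep the three responses identical, including the headers. All three function bodies continue outside their hunks, so the call sites below show only the replaced lines.

```python
def render_page(template, status=200, **context):
    """Render a resource template with the favicon and the security headers applied."""
    with open(common.get_resource_path(template)) as f:
        body = render_template_string(f.read(), favicon_b64=favicon_b64, **context)
    r = make_response(body, status)
    for header, value in security_headers:
        r.headers.set(header, value)
    return r

# index() and download(), inside `if deny_download:`
    return render_page('html/denied.html')

# page_not_found(), after the rate-limit handling
    return render_page('html/404.html', 404)
```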
@@ -215,6 +225,10 @@ def index(slug_candidate): r = make_response(render_template_string( open(common.get_resource_path('html/index.html')).read(), + favicon_b64=favicon_b64, + logo_b64=logo_b64, + folder_b64=folder_b64, + file_b64=file_b64, slug=slug, file_info=file_info, filename=os.path.basename(zip_filename), @@ -243,7 +257,10 @@ def download(slug_candidate): global stay_open, download_in_progress, done deny_download = not stay_open and download_in_progress if deny_download: - r = make_response(render_template_string(open(common.get_resource_path('html/denied.html')).read())) + r = make_response(render_template_string( + open(common.get_resource_path('html/denied.html')).read(), + favicon_b64=favicon_b64 + )) for header,value in security_headers: r.headers.set(header, value) return r @@ -357,7 +374,10 @@ def page_not_found(e): force_shutdown() print(strings._('error_rate_limit')) - r = make_response(render_template_string(open(common.get_resource_path('html/404.html')).read()), 404) + r = make_response(render_template_string( + open(common.get_resource_path('html/404.html')).read(), + favicon_b64=favicon_b64 + ), 404) for header, value in security_headers: r.headers.set(header, value) return r |