Mercurial > libervia-web
annotate libervia/server/proxy.py @ 1479:095e94ca6728
pages: disable CSRF token check when service profile is used:
CSRF token check doesn't make sense when no user is logged in, and it causes trouble for
caching.
fix 400
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 22 Oct 2021 16:04:23 +0200 |
parents | 396d5606477f |
children | fc91b78b71db |
rev | line source |
---|---|
1360 | 1 #!/usr/bin/env python3 |
2 | |
3 # Libervia: a Salut à Toi frontend | |
1396 | 4 # Copyright (C) 2011-2021 Jérôme Poisson <goffi@goffi.org> |
1360 | 5 |
6 # This program is free software: you can redistribute it and/or modify | |
7 # it under the terms of the GNU Affero General Public License as published by | |
8 # the Free Software Foundation, either version 3 of the License, or | |
9 # (at your option) any later version. | |
10 | |
11 # This program is distributed in the hope that it will be useful, | |
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 # GNU Affero General Public License for more details. | |
15 | |
16 # You should have received a copy of the GNU Affero General Public License | |
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
18 from twisted.web import proxy | |
19 from twisted.python.compat import urlquote | |
1435
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
20 from twisted.internet import address |
1360 | 21 from sat.core.log import getLogger |
1435
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
22 from libervia.server.constants import Const as C |
1360 | 23 |
24 log = getLogger(__name__) | |
25 | |
26 | |
27 | |
28 class SatProxyClient(proxy.ProxyClient): | |
29 | |
30 def handleHeader(self, key, value): | |
31 if key.lower() == b"x-frame-options": | |
32 value = b"sameorigin" | |
33 elif key.lower() == b"content-security-policy": | |
34 value = value.replace(b"frame-ancestors 'none'", b"frame-ancestors 'self'") | |
35 | |
36 super().handleHeader(key, value) | |
37 | |
38 | |
39 class SatProxyClientFactory(proxy.ProxyClientFactory): | |
40 protocol = SatProxyClient | |
41 | |
42 | |
43 class SatReverseProxyResource(proxy.ReverseProxyResource): | |
44 """Resource Proxy rewritting headers to allow embedding in iframe on same domain""" | |
45 proxyClientFactoryClass = SatProxyClientFactory | |
46 | |
47 def getChild(self, path, request): | |
48 return SatReverseProxyResource( | |
49 self.host, self.port, | |
50 self.path + b'/' + urlquote(path, safe=b"").encode('utf-8'), | |
51 self.reactor | |
52 ) | |
1435
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
53 |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
54 def render(self, request): |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
55 # Forwarded and X-Forwarded-xxx headers can be set if we have behin an other proxy |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
56 if ((not request.getHeader(C.H_FORWARDED) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
57 and not request.getHeader(C.H_X_FORWARDED_HOST))): |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
58 forwarded_data = [] |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
59 addr = request.getClientAddress() |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
60 if ((isinstance(addr, address.IPv4Address) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
61 or isinstance(addr, address.IPv6Address))): |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
62 request.requestHeaders.setRawHeaders(C.H_X_FORWARDED_FOR, [addr.host]) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
63 forwarded_data.append(f"for={addr.host}") |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
64 host = request.getHeader("host") |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
65 if host is None: |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
66 port = request.getHost().port |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
67 hostname = request.getRequestHostname() |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
68 host = hostname if port in (80, 443) else f"{hostname}:{port}" |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
69 request.requestHeaders.setRawHeaders(C.H_X_FORWARDED_HOST, [host]) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
70 forwarded_data.append(f"host={host}") |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
71 proto = "https" if request.isSecure() else "http" |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
72 request.requestHeaders.setRawHeaders(C.H_X_FORWARDED_PROTO, [proto]) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
73 forwarded_data.append(f"proto={proto}") |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
74 request.requestHeaders.setRawHeaders( |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
75 C.H_FORWARDED, [";".join(forwarded_data)] |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
76 ) |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
77 |
396d5606477f
server (proxy): add "Forwarded" and "X-Forwarded-xxx" headers to reverse proxy
Goffi <goffi@goffi.org>
parents:
1396
diff
changeset
|
78 return super().render(request) |