From 5ac74635c5f624bd1a2171eec85c71a9e75fbddf Mon Sep 17 00:00:00 2001 From: Ylian Saint-Hilaire Date: Mon, 16 May 2022 16:20:50 -0700 Subject: [PATCH] Fixed HTTP handling when no user-agent header is present. --- views/default.handlebars | 1 + webserver.js | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/views/default.handlebars b/views/default.handlebars index 9ab15ea9..6cd0294b 100644 --- a/views/default.handlebars +++ b/views/default.handlebars @@ -2725,6 +2725,7 @@ if (message.localport) { url += '&localport=' + message.localport; } if (message.ip != null) { url += ('&remoteip=' + message.ip); } url += ('&appid=' + message.protocol + '&autoexit=1'); // Protocol: 0 = Custom, 1 = HTTP, 2 = HTTPS, 3 = RDP, 4 = PuTTY, 5 = WinSCP, 6 = MCRDesktop, 7 = MCRFiles + console.log(url); downloadFile(url, ''); } else if (message.tag == 'novnc') { var vncurl = window.location.origin + domainUrl + 'novnc/vnc.html?ws=wss%3A%2F%2F' + window.location.host + encodeURIComponentEx(domainUrl) + (message.localRelay?'local':'mesh') + 'relay.ashx%3Fauth%3D' + message.cookie + '&show_dot=1' + (urlargs.key?('&key=' + urlargs.key):'') + '&l={{{lang}}}'; diff --git a/webserver.js b/webserver.js index 810c8d61..72b2e943 100644 --- a/webserver.js +++ b/webserver.js @@ -5843,7 +5843,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src 'none'; font-src 'self'; script-src 'self' 'unsafe-inline'" + extraScriptSrc + "; connect-src 'self'" + geourl + selfurl + "; img-src 'self' blob: data:" + geourl + " data:; style-src 'self' 'unsafe-inline'; frame-src 'self' mcrouter:; media-src 'self'; form-action 'self'" }; - if (req.headers['user-agent'].indexOf('Chrome') >= 0) { headers['Permissions-Policy'] = 'interest-cohort=()'; } // Remove Google's FLoC Network, only send this if Chrome browser + if (req.headers['user-agent'] && (req.headers['user-agent'].indexOf('Chrome') >= 0)) { headers['Permissions-Policy'] = 'interest-cohort=()'; } // Remove Google's FLoC Network, only send this if Chrome browser if ((parent.config.settings.allowframing !== true) && (typeof parent.config.settings.allowframing !== 'string')) { headers['X-Frame-Options'] = 'sameorigin'; } if ((parent.config.settings.stricttransportsecurity === true) || ((parent.config.settings.stricttransportsecurity !== false) && (obj.isTrustedCert(domain)))) { if (typeof parent.config.settings.stricttransportsecurity == 'string') { headers['Strict-Transport-Security'] = parent.config.settings.stricttransportsecurity; } else { headers['Strict-Transport-Security'] = 'max-age=63072000'; } }