github_mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter.git synced 2025-02-02 23:28:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

sync: cross origin + small gui updates

Browse Source
This commit is contained in:
KernelDeimos 2024-08-08 21:24:10 -04:00
parent 783cf57934
commit e60632343b
3 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/backend/src/services/WebServerService.js
View File

@ -362,13 +362,12 @@ class WebServerService extends BaseService {
app.use(helmet.xssFilter()); app.use(helmet.xssFilter());
// app.use(helmet.referrerPolicy()); // app.use(helmet.referrerPolicy());
app.disable('x-powered-by'); app.disable('x-powered-by');
const uaParser = require('ua-parser-js'); const uaParser = require('ua-parser-js');
app.use(function (req, res, next) { app.use(function (req, res, next) {
const ua_header = req.headers['user-agent']; const ua_header = req.headers['user-agent'];
const ua = uaParser(ua_header); const ua = uaParser(ua_header);
req.ua = ua; req.ua = ua;
console.log('\x1B[26;1m===== UA =====\x1B[0m', ua);
next(); next();
}); });
@ -382,11 +381,20 @@ class WebServerService extends BaseService {
app.use(function (req, res, next) { app.use(function (req, res, next) {
const origin = req.headers.origin; const origin = req.headers.origin;
const is_site = req.hostname.endsWith(config.static_hosting_domain); const is_site =
req.hostname.endsWith(config.static_hosting_domain) ||
req.hostname === 'docs.puter.com'
;
const is_popup = !! req.query.embedded_in_popup; const is_popup = !! req.query.embedded_in_popup;
const is_parent_co = !! req.query.cross_origin_isolated;
const co_isolation_okay = !is_popup && (is_site || req.co_isolation_enabled); const is_app = !! req.query['puter.app_instance_id'];
const co_isolation_okay =
(!is_popup || is_parent_co) &&
(is_app || !is_site) &&
req.co_isolation_enabled
;
if ( req.path === '/signup' || req.path === '/login' ) { if ( req.path === '/signup' || req.path === '/login' ) {
res.setHeader('Access-Control-Allow-Origin', origin ?? '*'); res.setHeader('Access-Control-Allow-Origin', origin ?? '*');
} }

5
src/gui/src/IPC.js
View File

@ -497,6 +497,11 @@ window.addEventListener('message', async (event) => {
if(!window.menubars[event.data.appInstanceID]) if(!window.menubars[event.data.appInstanceID])
window.menubars[event.data.appInstanceID] = value.items; window.menubars[event.data.appInstanceID] = value.items;
// disable system context menu
$menubar.on('contextmenu', (e) => {
e.preventDefault();
});
const sanitize_items = items => { const sanitize_items = items => {
return items.map(item => { return items.map(item => {
// Check if the item is just '-' // Check if the item is just '-'

2
src/puter-js/src/modules/UI.js
View File

@ -468,7 +468,7 @@ class UI extends EventListener {
let fpath = URLParams.get('puter.item.path'); let fpath = URLParams.get('puter.item.path');
if(!fpath.startsWith('~/') && !fpath.startsWith('/')) if(!fpath.startsWith('~/') && !fpath.startsWith('/'))
fpath = '~/' + fpath fpath = '~/' + fpath;
callback([new FSItem({ callback([new FSItem({
name: URLParams.get('puter.item.name'), name: URLParams.get('puter.item.name'),