From eeb2bbc0fcc9c5afa2c3aa12915b4d3f31115e56 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Wed, 7 Sep 2016 21:38:41 +0100 Subject: epee: optionally restrict HTTP service to a configurable user agent This is intended to catch traffic coming from a web browser, so we avoid issues with a web page sending a transfer RPC to the wallet. Requiring a particular user agent can act as a simple password scheme, while we wait for 0MQ and proper authentication to be merged. --- contrib/epee/include/net/http_client.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'contrib/epee/include/net/http_client.h') diff --git a/contrib/epee/include/net/http_client.h b/contrib/epee/include/net/http_client.h index 077c80230..3e8143738 100644 --- a/contrib/epee/include/net/http_client.h +++ b/contrib/epee/include/net/http_client.h @@ -638,10 +638,10 @@ using namespace std; LOG_FRAME("http_stream_filter::parse_cached_header(*)", LOG_LEVEL_4); STATIC_REGEXP_EXPR_1(rexp_mach_field, - "\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)" - // 12 3 4 5 6 7 8 9 + "\n?((Connection)|(Referer)|(Content-Length)|(Content-Type)|(Transfer-Encoding)|(Content-Encoding)|(Host)|(Cookie)|(User-Agent)" + // 12 3 4 5 6 7 8 9 10 "|([\\w-]+?)) ?: ?((.*?)(\r?\n))[^\t ]", - //10 1112 13 + //11 1213 14 boost::regex::icase | boost::regex::normal); boost::smatch result; @@ -653,8 +653,8 @@ using namespace std; //lookup all fields and fill well-known fields while( boost::regex_search( it_current_bound, it_end_bound, result, rexp_mach_field, boost::match_default) && result[0].matched) { - const size_t field_val = 12; - //const size_t field_etc_name = 10; + const size_t field_val = 13; + //const size_t field_etc_name = 11; int i = 2; //start position = 2 if(result[i++].matched)//"Connection" @@ -675,6 +675,8 @@ using namespace std; } else if(result[i++].matched)//"Cookie" body_info.m_cookie = result[field_val]; + else if(result[i++].matched)//"User-Agent" + body_info.m_user_agent = result[field_val]; else if(result[i++].matched)//e.t.c (HAVE TO BE MATCHED!) {;} else -- cgit v1.2.3