Merge pull request HelloZeroNet#749 from MuxZeroNet/patch-3

WebSocket requests not allowed

src/Ui/UiRequest.py

@@ -93,6 +93,9 @@ def route(self, path):
  def isProxyRequest(self):
  return self.env["PATH_INFO"].startswith("http:https://")
 
+ def isWebSocket(self):
+ return self.env.get("HTTP_UPGRADE") == "websocket"
+
  def isAjaxRequest(self):
  return self.env.get("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest"
 
@@ -195,7 +198,9 @@ def actionWrapper(self, path, extra_headers=None):
  return self.actionSiteMedia("/media" + path) # Only serve html files with frame
  if self.isAjaxRequest():
  return self.error403("Ajax request not allowed to load wrapper") # No ajax allowed on wrapper
-
+ if self.isWebSocket():
+ return self.error403("WebSocket not allowed to load wrapper") # No websocket
+
  if "text/html" not in self.env["HTTP_ACCEPT"]:
  return self.error403("Invalid Accept header to load wrapper")
  if "prefetch" in self.env.get("HTTP_X_MOZ", "") or "prefetch" in self.env.get("HTTP_PURPOSE", ""):