mirrors/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2024-11-22 09:16:05 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #12579 from Chocobo1/headers

Browse source 
Add ability to send custom HTTP headers
This commit is contained in:
Mike Tzou 2020-04-24 12:39:18 +08:00 committed by GitHub
commit 708b9b9c1b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 124 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
src/base/preferences.cpp
View file

@ -743,6 +743,26 @@ void Preferences::setWebUiRootFolder(const QString &path)
setValue("Preferences/WebUI/RootFolder", path);
}
bool Preferences::isWebUICustomHTTPHeadersEnabled() const
{
return value("Preferences/WebUI/CustomHTTPHeadersEnabled", false).toBool();
}
void Preferences::setWebUICustomHTTPHeadersEnabled(const bool enabled)
{
setValue("Preferences/WebUI/CustomHTTPHeadersEnabled", enabled);
}
QString Preferences::getWebUICustomHTTPHeaders() const
{
return value("Preferences/WebUI/CustomHTTPHeaders").toString();
}
void Preferences::setWebUICustomHTTPHeaders(const QString &headers)
{
setValue("Preferences/WebUI/CustomHTTPHeaders", headers);
}
bool Preferences::isDynDNSEnabled() const
{
return value("Preferences/DynDNS/Enabled", false).toBool();

6
src/base/preferences.h
View file

@ -223,6 +223,12 @@ public:
QString getWebUiRootFolder() const;
void setWebUiRootFolder(const QString &path);
// WebUI custom HTTP headers
bool isWebUICustomHTTPHeadersEnabled() const;
void setWebUICustomHTTPHeadersEnabled(bool enabled);
QString getWebUICustomHTTPHeaders() const;
void setWebUICustomHTTPHeaders(const QString &headers);
// Dynamic DNS
bool isDynDNSEnabled() const;
void setDynDNSEnabled(bool enabled);

8
src/gui/optionsdialog.cpp
View file

@ -503,6 +503,8 @@ OptionsDialog::OptionsDialog(QWidget *parent)
connect(m_ui->DNSPasswordTxt, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
connect(m_ui->groupAltWebUI, &QGroupBox::toggled, this, &ThisType::enableApplyButton);
connect(m_ui->textWebUIRootFolder, &FileSystemPathLineEdit::selectedPathChanged, this, &ThisType::enableApplyButton);
connect(m_ui->groupWebUIAddCustomHTTPHeaders, &QGroupBox::toggled, this, &ThisType::enableApplyButton);
connect(m_ui->textWebUICustomHTTPHeaders, &QPlainTextEdit::textChanged, this, &OptionsDialog::enableApplyButton);
#endif // DISABLE_WEBUI
// RSS tab
@ -862,6 +864,9 @@ void OptionsDialog::saveOptions()
// Alternative UI
pref->setAltWebUiEnabled(m_ui->groupAltWebUI->isChecked());
pref->setWebUiRootFolder(m_ui->textWebUIRootFolder->selectedPath());
// Custom HTTP headers
pref->setWebUICustomHTTPHeadersEnabled(m_ui->groupWebUIAddCustomHTTPHeaders->isChecked());
pref->setWebUICustomHTTPHeaders(m_ui->textWebUICustomHTTPHeaders->toPlainText());
}
// End Web UI
// End preferences
@ -1242,6 +1247,9 @@ void OptionsDialog::loadOptions()
m_ui->groupAltWebUI->setChecked(pref->isAltWebUiEnabled());
m_ui->textWebUIRootFolder->setSelectedPath(pref->getWebUiRootFolder());
// Custom HTTP headers
m_ui->groupWebUIAddCustomHTTPHeaders->setChecked(pref->isWebUICustomHTTPHeadersEnabled());
m_ui->textWebUICustomHTTPHeaders->setPlainText(pref->getWebUICustomHTTPHeaders());
// End Web UI preferences
}

22
src/gui/optionsdialog.ui
View file

@ -3220,6 +3220,28 @@ Use ';' to split multiple entries. Can use wildcard '*'.</string>
</layout>
</widget>
</item>
<item>
<widget class="QGroupBox" name="groupWebUIAddCustomHTTPHeaders">
<property name="title">
<string>Add custom HTTP headers</string>
</property>
<property name="checkable">
<bool>true</bool>
</property>
<layout class="QVBoxLayout" name="verticalLayout_8">
<item>
<widget class="QPlainTextEdit" name="textWebUICustomHTTPHeaders">
<property name="lineWrapMode">
<enum>QPlainTextEdit::NoWrap</enum>
</property>
<property name="placeholderText">
<string>Header: value pairs, one per line</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QGroupBox" name="checkDynDNS">
<property name="title">

10
src/webui/api/appcontroller.cpp
View file

@ -243,6 +243,9 @@ void AppController::preferencesAction()
data["web_ui_csrf_protection_enabled"] = pref->isWebUiCSRFProtectionEnabled();
data["web_ui_secure_cookie_enabled"] = pref->isWebUiSecureCookieEnabled();
data["web_ui_host_header_validation_enabled"] = pref->isWebUIHostHeaderValidationEnabled();
// Custom HTTP headers
data["web_ui_use_custom_http_headers_enabled"] = pref->isWebUICustomHTTPHeadersEnabled();
data["web_ui_custom_http_headers"] = pref->getWebUICustomHTTPHeaders();
// Update my dynamic domain name
data["dyndns_enabled"] = pref->isDynDNSEnabled();
data["dyndns_service"] = pref->getDynDNSService();
@ -480,7 +483,7 @@ void AppController::setPreferencesAction()
if (hasKey("ip_filter_trackers"))
session->setTrackerFilteringEnabled(it.value().toBool());
if (hasKey("banned_IPs"))
session->setBannedIPs(it.value().toString().split('\n'));
session->setBannedIPs(it.value().toString().split('\n', QString::SkipEmptyParts));
// Speed
// Global Rate Limits
@ -623,6 +626,11 @@ void AppController::setPreferencesAction()
pref->setWebUiSecureCookieEnabled(it.value().toBool());
if (hasKey("web_ui_host_header_validation_enabled"))
pref->setWebUIHostHeaderValidationEnabled(it.value().toBool());
// Custom HTTP headers
if (hasKey("web_ui_use_custom_http_headers_enabled"))
pref->setWebUICustomHTTPHeadersEnabled(it.value().toBool());
if (hasKey("web_ui_custom_http_headers"))
pref->setWebUICustomHTTPHeaders(it.value().toString());
// Update my dynamic domain name
if (hasKey("dyndns_enabled"))
pref->setDynDNSEnabled(it.value().toBool());

26
src/webui/webapplication.cpp
View file

@ -347,6 +347,27 @@ void WebApplication::configure()
: QLatin1String("default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self';"))
+ (m_isClickjackingProtectionEnabled ? QLatin1String(" frame-ancestors 'self';") : QLatin1String(""))
+ (m_isHttpsEnabled ? QLatin1String(" upgrade-insecure-requests;") : QLatin1String(""));
m_useCustomHTTPHeaders = pref->isWebUICustomHTTPHeadersEnabled();
m_customHTTPHeaders.clear();
if (m_useCustomHTTPHeaders) {
const QString customHeaders = pref->getWebUICustomHTTPHeaders().trimmed();
const QVector<QStringRef> customHeaderLines = customHeaders.splitRef('\n', QString::SkipEmptyParts);
m_customHTTPHeaders.reserve(customHeaderLines.size());
for (const QStringRef &line : customHeaderLines) {
const int idx = line.indexOf(':');
if (idx < 0) {
// require separator `:` to be present even if `value` field can be empty
LogMsg(tr("Missing ':' separator in WebUI custom HTTP header: \"%1\"").arg(line.toString()), Log::WARNING);
continue;
}
const QString header = line.left(idx).trimmed().toString();
const QString value = line.mid(idx + 1).trimmed().toString();
m_customHTTPHeaders.push_back({header, value});
}
}
}
void WebApplication::registerAPIController(const QString &scope, APIController *controller)
@ -451,6 +472,11 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
if (!m_contentSecurityPolicy.isEmpty())
header(QLatin1String(Http::HEADER_CONTENT_SECURITY_POLICY), m_contentSecurityPolicy);
if (m_useCustomHTTPHeaders) {
for (const CustomHTTPHeader &customHeader : asConst(m_customHTTPHeaders))
header(customHeader.name, customHeader.value);
}
return response();
}

9
src/webui/webapplication.h
View file

@ -157,4 +157,13 @@ private:
bool m_isHostHeaderValidationEnabled;
bool m_isHttpsEnabled;
QString m_contentSecurityPolicy;
// Custom HTTP headers
struct CustomHTTPHeader
{
QString name;
QString value;
};
bool m_useCustomHTTPHeaders;
QVector<CustomHTTPHeader> m_customHTTPHeaders;
};

24
src/webui/www/private/views/preferences.html
View file

@ -787,6 +787,14 @@
</table>
</fieldset>
</fieldset>
<fieldset class="settings">
<legend>
<input type="checkbox" id="webUIUseCustomHTTPHeadersCheckbox" onclick="qBittorrent.Preferences.updateWebUICustomHTTPHeadersSettings();" />
<label for="webUIUseCustomHTTPHeadersCheckbox">QBT_TR(Add custom HTTP headers)QBT_TR[CONTEXT=OptionsDialog]</label>
</legend>
<textarea id="webUICustomHTTPHeadersTextarea" placeholder="QBT_TR(Header: value pairs, one per line)QBT_TR[CONTEXT=OptionsDialog]" style="width: 90%;"></textarea>
</fieldset>
</fieldset>
<fieldset class="settings">
@ -1139,6 +1147,7 @@
updateBypasssAuthSettings: updateBypasssAuthSettings,
updateAlternativeWebUISettings: updateAlternativeWebUISettings,
updateHostHeaderValidationSettings: updateHostHeaderValidationSettings,
updateWebUICustomHTTPHeadersSettings: updateWebUICustomHTTPHeadersSettings,
updateDynDnsSettings: updateDynDnsSettings,
registerDynDns: registerDynDns,
applyPreferences: applyPreferences
@ -1381,6 +1390,11 @@
$('webui_domain_textarea').setProperty('disabled', !isHostHeaderValidationEnabled);
};
const updateWebUICustomHTTPHeadersSettings = function() {
const isEnabled = $('webUIUseCustomHTTPHeadersCheckbox').getProperty('checked');
$('webUICustomHTTPHeadersTextarea').setProperty('disabled', !isEnabled);
};
const updateDynDnsSettings = function() {
const isDynDnsEnabled = $('use_dyndns_checkbox').getProperty('checked');
$('dyndns_select').setProperty('disabled', !isDynDnsEnabled);
@ -1737,6 +1751,11 @@
$('host_header_validation_checkbox').setProperty('checked', pref.web_ui_host_header_validation_enabled);
updateHostHeaderValidationSettings();
// Custom HTTP headers
$('webUIUseCustomHTTPHeadersCheckbox').setProperty('checked', pref.web_ui_use_custom_http_headers_enabled);
$('webUICustomHTTPHeadersTextarea').setProperty('value', pref.web_ui_custom_http_headers);
updateWebUICustomHTTPHeadersSettings();
// Update my dynamic domain name
$('use_dyndns_checkbox').setProperty('checked', pref.dyndns_enabled);
$('dyndns_select').setProperty('value', pref.dyndns_service);
@ -2100,11 +2119,16 @@
settings.set('alternative_webui_enabled', alternative_webui_enabled);
settings.set('alternative_webui_path', webui_files_location_textarea);
// Security
settings.set('web_ui_clickjacking_protection_enabled', $('clickjacking_protection_checkbox').getProperty('checked'));
settings.set('web_ui_csrf_protection_enabled', $('csrf_protection_checkbox').getProperty('checked'));
settings.set('web_ui_secure_cookie_enabled', $('secureCookieCheckbox').getProperty('checked'));
settings.set('web_ui_host_header_validation_enabled', $('host_header_validation_checkbox').getProperty('checked'));
// Custom HTTP headers
settings.set('web_ui_use_custom_http_headers_enabled', $('webUIUseCustomHTTPHeadersCheckbox').getProperty('checked'));
settings.set('web_ui_custom_http_headers', $('webUICustomHTTPHeadersTextarea').getProperty('value'));
// Update my dynamic domain name
settings.set('dyndns_enabled', $('use_dyndns_checkbox').getProperty('checked'));
settings.set('dyndns_service', $('dyndns_select').getProperty('value'));