| 55 | class UiServer: |
| 56 | |
| 57 | def __init__(self): |
| 58 | self.ip = config.ui_ip |
| 59 | self.port = config.ui_port |
| 60 | self.running = False |
| 61 | if self.ip == "*": |
| 62 | self.ip = "0.0.0.0" # Bind all |
| 63 | if config.ui_host: |
| 64 | self.allowed_hosts = set(config.ui_host) |
| 65 | elif config.ui_ip == "127.0.0.1": |
| 66 | # IP Addresses are inherently allowed as they are immune to DNS |
| 67 | # rebinding attacks. |
| 68 | self.allowed_hosts = set(["zero", "localhost:%s" % config.ui_port]) |
| 69 | # "URI producers and normalizers should omit the port component and |
| 70 | # its ':' delimiter if port is empty or if its value would be the |
| 71 | # same as that of the scheme's default." |
| 72 | # Source: https://tools.ietf.org/html/rfc3986#section-3.2.3 |
| 73 | # As a result, we need to support portless hosts if port 80 is in |
| 74 | # use. |
| 75 | if config.ui_port == 80: |
| 76 | self.allowed_hosts.update(["localhost"]) |
| 77 | else: |
| 78 | self.allowed_hosts = set([]) |
| 79 | self.allowed_ws_origins = set() |
| 80 | self.allow_trans_proxy = config.ui_trans_proxy |
| 81 | |
| 82 | self.wrapper_nonces = [] |
| 83 | self.add_nonces = [] |
| 84 | self.websockets = [] |
| 85 | self.site_manager = SiteManager.site_manager |
| 86 | self.sites = SiteManager.site_manager.list() |
| 87 | self.log = logging.getLogger(__name__) |
| 88 | |
| 89 | # After WebUI started |
| 90 | def afterStarted(self): |