diff --git a/cmd/gomuks/main.go b/cmd/gomuks/main.go index 6dc7d85..e11657c 100644 --- a/cmd/gomuks/main.go +++ b/cmd/gomuks/main.go @@ -20,6 +20,7 @@ import ( "fmt" "os" + "go.mau.fi/util/exhttp" flag "maunium.net/go/mauflag" "go.mau.fi/gomuks/pkg/gomuks" @@ -33,6 +34,7 @@ var wantVersion = flag.MakeFull("v", "version", "View gomuks version and quit.", func main() { hicli.InitialDeviceDisplayName = "gomuks web" + exhttp.AutoAllowCORS = false flag.SetHelpTitles( "gomuks - A Matrix client written in Go.", "gomuks [-hv]", diff --git a/desktop/go.mod b/desktop/go.mod index 52a8af4..7268ece 100644 --- a/desktop/go.mod +++ b/desktop/go.mod @@ -6,7 +6,10 @@ toolchain go1.23.3 require github.com/wailsapp/wails/v3 v3.0.0-alpha.7 -require go.mau.fi/gomuks v0.3.1 +require ( + go.mau.fi/gomuks v0.3.1 + go.mau.fi/util v0.8.3-0.20241207221539-07bba6a0c5eb +) require ( dario.cat/mergo v1.0.0 // indirect @@ -59,7 +62,6 @@ require ( github.com/wailsapp/mimetype v1.4.1 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/yuin/goldmark v1.7.8 // indirect - go.mau.fi/util v0.8.2 // indirect go.mau.fi/zeroconfig v0.1.3 // indirect golang.org/x/crypto v0.29.0 // indirect golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect diff --git a/desktop/go.sum b/desktop/go.sum index 9d1f340..63be3f6 100644 --- a/desktop/go.sum +++ b/desktop/go.sum 
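Review bot: The added `exhttp.AutoAllowCORS = false` in cmd/gomuks `main()` has no comment, although in this commit it appears to stand in for the `Sec-Fetch-Site` rejection that the pkg/gomuks/server.go hunks delete from `AuthMiddleware` (the same line is also added in desktop/main.go). The two are not equivalent: turning the flag off presumably only stops exhttp from emitting permissive CORS headers, which keeps another origin from reading responses, whereas the deleted branch refused the request before any handler ran. Requests that need no preflight therefore now depend on the SameSite attribute of the `gomuks_auth` cookie, which is not visible here and should be confirmed. I would record the intent at the assignment, e.g. `// No automatic CORS headers: the API is cookie-authenticated and must not be readable cross-origin.`, and add a test that a cross-site request carrying the cookie is still refused. `main()` continues outside the hunk.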
@@ -160,8 +160,8 @@ github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic= github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= -go.mau.fi/util v0.8.2 h1:zWbVHwdRKwI6U9AusmZ8bwgcLosikwbb4GGqLrNr1YE= -go.mau.fi/util v0.8.2/go.mod h1:BHHC9R2WLMJd1bwTZfTcFxUgRFmUgUmiWcT4RbzUgiA= +go.mau.fi/util v0.8.3-0.20241207221539-07bba6a0c5eb h1:/iKi+4aRvd8LZJ3z1UQjxmFdDVfJuDWClc/4MToWnSY= +go.mau.fi/util v0.8.3-0.20241207221539-07bba6a0c5eb/go.mod h1:BHHC9R2WLMJd1bwTZfTcFxUgRFmUgUmiWcT4RbzUgiA= go.mau.fi/zeroconfig v0.1.3 h1:As9wYDKmktjmNZW5i1vn8zvJlmGKHeVxHVIBMXsm4kM= go.mau.fi/zeroconfig v0.1.3/go.mod h1:NcSJkf180JT+1IId76PcMuLTNa1CzsFFZ0nBygIQM70= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= diff --git a/desktop/main.go b/desktop/main.go index c841ca7..2046017 100644 --- a/desktop/main.go +++ b/desktop/main.go @@ -26,6 +26,7 @@ import ( "runtime" "github.com/wailsapp/wails/v3/pkg/application" + "go.mau.fi/util/exhttp" "go.mau.fi/gomuks/pkg/gomuks" "go.mau.fi/gomuks/pkg/hicli" @@ -100,6 +101,7 @@ func main() { gmx.LinkifiedVersion = version.LinkifiedVersion gmx.BuildTime = version.ParsedBuildTime gmx.DisableAuth = true + exhttp.AutoAllowCORS = false hicli.InitialDeviceDisplayName = "gomuks desktop" gmx.InitDirectories() diff --git a/go.mod b/go.mod index de86e44..a6ce8f4 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/tidwall/gjson v1.18.0 github.com/tidwall/sjson v1.2.5 github.com/yuin/goldmark v1.7.8 - go.mau.fi/util v0.8.2 + go.mau.fi/util v0.8.3-0.20241207221539-07bba6a0c5eb go.mau.fi/zeroconfig v0.1.3 golang.org/x/crypto v0.29.0 golang.org/x/image v0.22.0 diff --git a/go.sum b/go.sum index 6c0cd68..f83e049 100644 --- a/go.sum +++ b/go.sum 
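Review bot: In the desktop `main()` the added `exhttp.AutoAllowCORS = false` sits directly below `gmx.DisableAuth = true`, and nothing in the hunk says what still rejects a request from another origin once authentication is off. If `AuthMiddleware` is skipped in this mode (not visible here), the missing CORS headers would be the only cross-origin barrier, and they limit reading responses, not sending requests. A comment such as `// Auth is disabled for the embedded UI; keep exhttp from adding CORS headers so other origins cannot read API responses.` would make that dependency explicit. It is also worth confirming how the desktop backend is exposed, since a loopback listener would be reachable from any page in a local browser. `main()` starts and ends outside the hunk.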
@@ -63,8 +63,8 @@ github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic= github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= -go.mau.fi/util v0.8.2 h1:zWbVHwdRKwI6U9AusmZ8bwgcLosikwbb4GGqLrNr1YE= -go.mau.fi/util v0.8.2/go.mod h1:BHHC9R2WLMJd1bwTZfTcFxUgRFmUgUmiWcT4RbzUgiA= +go.mau.fi/util v0.8.3-0.20241207221539-07bba6a0c5eb h1:/iKi+4aRvd8LZJ3z1UQjxmFdDVfJuDWClc/4MToWnSY= +go.mau.fi/util v0.8.3-0.20241207221539-07bba6a0c5eb/go.mod h1:BHHC9R2WLMJd1bwTZfTcFxUgRFmUgUmiWcT4RbzUgiA= go.mau.fi/zeroconfig v0.1.3 h1:As9wYDKmktjmNZW5i1vn8zvJlmGKHeVxHVIBMXsm4kM= go.mau.fi/zeroconfig v0.1.3/go.mod h1:NcSJkf180JT+1IId76PcMuLTNa1CzsFFZ0nBygIQM70= golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= diff --git a/pkg/gomuks/server.go b/pkg/gomuks/server.go index 106124d..7c2c8f2 100644 --- a/pkg/gomuks/server.go +++ b/pkg/gomuks/server.go @@ -249,12 +249,6 @@ func (gmx *Gomuks) Authenticate(w http.ResponseWriter, r *http.Request) { } } -func isUserFetch(header http.Header) bool { - return header.Get("Sec-Fetch-Mode") == "navigate" && - header.Get("Sec-Fetch-Dest") == "document" && - header.Get("Sec-Fetch-User") == "?1" -} - func isImageFetch(header http.Header) bool { return header.Get("Sec-Fetch-Site") == "cross-site" && header.Get("Sec-Fetch-Mode") == "no-cors" && 
@@ -269,17 +263,6 @@ func (gmx *Gomuks) AuthMiddleware(next http.Handler) http.Handler { r.URL.Query().Get("encrypted") == "false" { next.ServeHTTP(w, r) return - } else if r.Header.Get("Sec-Fetch-Site") != "" && - r.Header.Get("Sec-Fetch-Site") != "same-origin" && - !isUserFetch(r.Header) { - hlog.FromRequest(r).Debug(). - Str("site", r.Header.Get("Sec-Fetch-Site")). - Str("dest", r.Header.Get("Sec-Fetch-Dest")). - Str("mode", r.Header.Get("Sec-Fetch-Mode")). - Str("user", r.Header.Get("Sec-Fetch-User")). - Msg("Invalid Sec-Fetch-Site header") - ErrInvalidHeader.WithMessage("Invalid Sec-Fetch-Site header").Write(w) - return } if r.URL.Path != "/auth" { authCookie, err := r.Cookie("gomuks_auth")