Update Content-Security-Policy header and fix metrics and ping data retrieval

Théophile Diot 2024-02-21 11:05:42 +01:00
parent 638df130ec
commit cc0abda3f0
No known key found for this signature in database
GPG key ID: 248FEA4BAE400D06
2 changed files with 12 additions and 13 deletions


@ -291,7 +291,7 @@ def manage_bunkerweb(method: str, *args, operation: str = "reloads", is_draft: b
@app.after_request
def set_csp_header(response):
"""Set the Content-Security-Policy header to prevent XSS attacks."""
response.headers["Content-Security-Policy"] = "object-src 'none'; frame-ancestors 'self';"
response.headers["Content-Security-Policy"] = "object-src 'none'; frame-ancestors 'self'; default-src 'self'"
return response
@ -1281,7 +1281,7 @@ def custom_plugin(plugin: str):
message = f'The plugin "{plugin}" does not have a template'
app.logger.error(message)
return message, 404
# Case template, prepare data
plugins = app.config["CONFIG"].get_plugins()
plugin_id = None
@ -1302,13 +1302,13 @@ def custom_plugin(plugin: str):
message = f'Plugin "{plugin}" not found'
app.logger.error(message)
return message, 404
config = app.config["CONFIG"].get_config(methods=False)
# Check if we are using metrics
for service in config.get("SERVER_NAME", "").split(" "):
# specific case
if config.get(f"{service}_USE_METRICS", "no") != "no":
if config.get(f"{service}_USE_METRICS", "yes") != "no":
is_metrics_on = True
break
@ -1351,7 +1351,6 @@ def custom_plugin(plugin: str):
if config.get(use_key, "no") != "no":
is_used = True
if context == "multisite":
for service in config.get("SERVER_NAME", "").split(" "):
# specific case
@ -1367,7 +1366,6 @@ def custom_plugin(plugin: str):
if config.get(f"{service}_{use_key}", "no") != "no":
is_used = True
break
return render_template(
Environment(loader=FileSystemLoader(join(sep, "usr", "share", "bunkerweb", "ui", "templates") + "/")).from_string(page.decode("utf-8")),
@ -1382,7 +1380,6 @@ def custom_plugin(plugin: str):
plugins_pro=PRO_PLUGINS_LIST,
)
module = db.get_plugin_actions(plugin)
if module is None:
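Review bot: `base-uri` and `form-action` do not fall back to `default-src`, so the policy now set in `set_csp_header` still places no limit on an injected `<base>` tag or on forms posting to another origin. I would extend the new line to `response.headers["Content-Security-Policy"] = "object-src 'none'; frame-ancestors 'self'; default-src 'self'; base-uri 'self'; form-action 'self'"`. Because `default-src 'self'` also blocks inline scripts and styles, it is worth confirming that the UI templates and the plugin pages rendered in `custom_plugin` contain none; those templates are not visible here. The docstring would be more accurate as "mitigate XSS", since the header limits what injected markup can do rather than preventing the injection.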


@ -382,6 +382,8 @@ class Instances:
# Get metrics from all instances
metrics = {}
for instance in self.get_instances():
instance_name = instance.name if instance.name != "local" else "127.0.0.1"
try:
if plugin_id == "redis":
resp, instance_metrics = instance.metrics_redis()
@ -394,10 +396,10 @@ class Instances:
if not resp:
continue
if not instance_metrics.get(instance.name, {"msg": None})["msg"] or not isinstance(instance_metrics[instance.name]["msg"], dict) or instance_metrics[instance.name]["status"] != "success":
if not isinstance(instance_metrics.get(instance_name, {"msg": None}).get("msg"), dict) or instance_metrics[instance_name].get("status", "error") != "success":
continue
metric_data = instance_metrics[instance.name]["msg"]
metric_data = instance_metrics[instance_name]["msg"]
# Update metrics looking for value type
for key, value in metric_data.items():
@ -436,17 +438,17 @@ class Instances:
# Need at least one instance to get a success ping to return success
ping = {"status": "error"}
for instance in self.get_instances():
instance_name = instance.name if instance.name != "local" else "127.0.0.1"
try:
resp, ping_data = instance.ping(plugin_id)
except:
continue
if not resp:
continue
if instance.name not in ping_data or ping_data[instance.name]["msg"] is None:
if not resp or not isinstance(ping_data.get(instance_name, {"msg": None}).get("msg"), dict):
continue
if ping_data[instance.name]["status"] == "success":
if ping_data[instance_name].get("status", "error") == "success":
ping["status"] = "success"
break
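Review bot: The ping check in the last hunk now requires `msg` to be a dict (`isinstance(ping_data.get(instance_name, {"msg": None}).get("msg"), dict)`), whereas the previous code rejected only a missing key or a `None` message. A plugin whose ping answers with a string message would now be skipped and the overall status would stay "error"; if the tightening is intended, a comment such as `# ping payloads are always dicts; anything else is treated as a failed ping` would record that. The chained `.get(instance_name, ...).get("msg")` still raises AttributeError when the per-instance value is not a dict, and in the ping loop that line appears to sit after the `try`/`except`, so it would not be caught there. The `"local"` to `"127.0.0.1"` mapping is repeated in both loops and would be easier to keep consistent as one small helper. Both method bodies start and end outside the hunks shown.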