more security and better nginx example

iiPythonx · Nov 24, 2024 · c71da5b · c71da5b
1 parent 0fe65a3
commit c71da5b
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -43,7 +43,10 @@ server {
     ssl_certificate_key /etc/ssl/nightwatch.key;
 
     # Setup location
-    server_name nightwatch.iipython.dev;v
+    server_name nightwatch.iipython.dev;
+    location /proxy {
+        proxy_pass http://192.168.0.1:8000;
+    }
     location /gateway {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection upgrade;

diff --git a/nightwatch/server/__main__.py b/nightwatch/server/__main__.py
@@ -31,7 +31,7 @@ def proxy_handler(connection, request):
             return connection.respond(HTTPStatus.BAD_REQUEST, "Nightwatch: Specified URI is incorrect.\n")
 
         paths = url.split("/")
-        if len(paths) < 2 or "." not in paths[-1] or paths[-1].split(".")[-1] not in PROXY_ALLOWED_SUFFIX:
+        if ".." in url or len(paths) < 2 or "." not in paths[-1] or paths[-1].split(".")[-1] not in PROXY_ALLOWED_SUFFIX:
             return connection.respond(HTTPStatus.BAD_REQUEST, "Nightwatch: Specified URI is incorrect.\n")
 
         log.info("proxy", f"Proxying to https://{url}")
@@ -46,7 +46,7 @@ def proxy_handler(connection, request):
 
                 return Response(response.status_code, "OK", Headers([
                     (k, v)
-                    for k, v in response.headers.items()
+                    for k, v in response.headers.items() if k in ["Content-Type", "Content-Length", "Cache-Control"]
                 ]), data)
 
         except RequestException: