01_FHEMWEB.pm: new attribute csrfTokenHTTPHeader (Forum #72842)

git-svn-id: https://svn.fhem.de/fhem/trunk/fhem@14502 2b470e98-0d58-463d-a4d8-8e2adae1ed80
This commit is contained in:
rudolfkoenig 2017-06-13 05:10:03 +00:00
parent e7a38181c0
commit cf2e48d92b


@ -144,6 +144,7 @@ FHEMWEB_Initialize($)
addHtmlTitle:1,0 addHtmlTitle:1,0
addStateEvent addStateEvent
csrfToken csrfToken
csrfTokenHTTPHeader:0,1
alarmTimeout alarmTimeout
allowedCommands allowedCommands
allowfrom allowfrom
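Review bot: the declaration `csrfTokenHTTPHeader:0,1` only enumerates the selectable values; the effective default of 1 lives solely in the `AttrVal($FW_wname, "csrfTokenHTTPHeader", 1)` call in FW_Read, so a reader of the attribute list cannot tell that the header is sent unless the attribute is explicitly set to 0. A short comment next to the declaration (or a reference to the documented default) would keep the two places from drifting apart if the default is ever changed.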
@ -427,7 +428,8 @@ FW_Read($$)
"Access-Control-Max-Age:86400\r\n". "Access-Control-Max-Age:86400\r\n".
"Access-Control-Expose-Headers: X-FHEM-csrfToken\r\n": ""); "Access-Control-Expose-Headers: X-FHEM-csrfToken\r\n": "");
$FW_headerlines .= "X-FHEM-csrfToken: $defs{$FW_wname}{CSRFTOKEN}\r\n" $FW_headerlines .= "X-FHEM-csrfToken: $defs{$FW_wname}{CSRFTOKEN}\r\n"
if(defined($defs{$FW_wname}{CSRFTOKEN})); if(defined($defs{$FW_wname}{CSRFTOKEN}) &&
AttrVal($FW_wname, "csrfTokenHTTPHeader", 1));
######################### #########################
# Return 200 for OPTIONS or 405 for unsupported method # Return 200 for OPTIONS or 405 for unsupported method
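Review bot: the new condition suppresses only the `X-FHEM-csrfToken` response header, while the unchanged context line above still emits `Access-Control-Expose-Headers: X-FHEM-csrfToken` whenever the CORS branch is taken, so a response can still carry the product-specific header name even with `csrfTokenHTTPHeader` set to 0. Since the stated purpose of the attribute is to make FHEM harder to identify from its HTTP responses, consider gating the `Access-Control-Expose-Headers` line on the same `AttrVal(...)` check. It would also help to note in a comment that setting the attribute to 0 does not relax CSRF enforcement: the token in `$defs{$FW_wname}{CSRFTOKEN}` is still required, clients just have to obtain it another way.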
@ -3368,6 +3370,12 @@ FW_widgetOverride($$)
none, no token is expected. Default is random for featurelevel 5.8 and none, no token is expected. Default is random for featurelevel 5.8 and
greater, and none for featurelevel below 5.8 </li><br> greater, and none for featurelevel below 5.8 </li><br>
<a name="csrfTokenHTTPHeader"></a>
<li>csrfTokenHTTPHeader<br>
If set (default), FHEMWEB sends the token with the X-FHEM-csrfToken HTTP
header, which is used by some clients. Set it to 0 to switch it off, as
a measurre against shodan.io like FHEM-detection.</li><br>
<a name="CssFiles"></a> <a name="CssFiles"></a>
<li>CssFiles<br> <li>CssFiles<br>
Space separated list of .css files to be included. The filenames Space separated list of .css files to be included. The filenames
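Review bot: "measurre" in the new `<li>` text should be "measure", and "If set (default)" is misleading because the attribute is not set by default; the header is sent when the attribute is unset or 1, which is what the `AttrVal(..., 1)` default in FW_Read implements. Suggested wording: "If set to 1 (the default), FHEMWEB sends the csrfToken in the X-FHEM-csrfToken HTTP header ...". Stating explicitly that setting it to 0 breaks clients that read the token from this header, and that the CSRF check itself stays active, would spare users a surprise.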
@ -4148,6 +4156,13 @@ FW_widgetOverride($$)
gr&ouml;&szlig;er, und none f&uuml;r featurelevel kleiner 5.8 gr&ouml;&szlig;er, und none f&uuml;r featurelevel kleiner 5.8
</li><br> </li><br>
<a name="csrfTokenHTTPHeader"></a>
<li>csrfTokenHTTPHeader<br>
Falls gesetzt (Voreinstellung), FHEMWEB sendet im HTTP Header den
csrfToken als X-FHEM-csrfToken, das wird von manchen FHEM-Clients
benutzt. Mit 0 kann man das abstellen, um Sites wie shodan.io die
Erkennung von FHEM zu erschweren.</li><br>
<a name="CssFiles"></a> <a name="CssFiles"></a>
<li>CssFiles<br> <li>CssFiles<br>
Leerzeichen getrennte Liste von .css Dateien, die geladen werden. Leerzeichen getrennte Liste von .css Dateien, die geladen werden.
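Review bot: the German text has the same default wording problem as the English one ("Falls gesetzt (Voreinstellung)" describes an attribute that is unset by default) and the verb order in "Falls gesetzt (Voreinstellung), FHEMWEB sendet im HTTP Header ..." should be "... sendet FHEMWEB im HTTP Header ...". Keeping both language versions aligned on "wenn auf 1 gesetzt (Voreinstellung)" and on the note that the CSRF check is not disabled by the attribute would make the two documentation blocks consistent.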