
web-identity (2635B)


      1 import importlib
# Shared FedCM test constants. main() uses keys.WELL_KNOWN_FORMAT_KEY and
# keys.MANIFEST_URL_IN_MANIFEST_LIST_KEY as the stash keys it reads.
keys = importlib.import_module("fedcm.support.keys")
      3 
def main(request, response):
  """Serve the FedCM well-known file, rejecting requests that leak state.

  The handler answers with a JSON body only when the request carries no
  cookies, no Referer and no Origin, and has exactly the expected Accept,
  Sec-Fetch-Dest, Sec-Fetch-Mode and Sec-Fetch-Site values. Each violated
  property has its own status code (530-536), and the first violation in
  the order checked below wins.

  Two stash entries under "/.well-known/web-identity" steer the response:
  a format name ("direct", "empty", "missing", "partial_accounts",
  "partial_login") and a manifest URL for the default "provider_urls"
  body. Any other or absent format name yields the default body.

  Returns:
    A (status, headers, message) tuple on a rejected request, otherwise
    the JSON text of the well-known document.
  """
  stash_path = "/.well-known/web-identity"

  # Both stash entries are fetched with take() before any validation runs,
  # so a request that is rejected below has still gone through both calls.
  requested_format = request.server.stash.take(keys.WELL_KNOWN_FORMAT_KEY, stash_path)

  https_port = request.server.config.ports["https"][0]
  host = request.url_parts.hostname
  # NOTE(review): `host` comes from the request URL and is later placed
  # into JSON text without escaping. Acceptable for a test fixture; this
  # pattern should not be copied into a handler that serves real clients.
  base_url = "https://{0}:{1}".format(host, str(https_port))

  manifest_url = request.server.stash.take(keys.MANIFEST_URL_IN_MANIFEST_LIST_KEY, stash_path)

  if manifest_url is not None and len(manifest_url):
    try:
      manifest_url = manifest_url.decode()
    except (UnicodeDecodeError, AttributeError):
      # AttributeError: the value has no decode(), so it is used as stored.
      # UnicodeDecodeError: the raw bytes are kept and would be formatted
      # into the body by their repr.
      pass
  else:
    # Nothing stored: point at the default manifest on this origin.
    manifest_url = "{0}/fedcm/support/manifest.py".format(base_url)

  # The well-known fetch must be uncredentialed.
  if len(request.cookies) > 0:
    return (530, [], "Cookie should not be sent to manifest list endpoint")

  # (status, header, required value, message). A required value of None
  # means the header must be absent or empty; Referer and Origin would
  # reveal which site triggered the fetch.
  header_rules = (
    (531, b"Accept", b"application/json", "Wrong Accept"),
    (532, b"Sec-Fetch-Dest", b"webidentity", "Wrong Sec-Fetch-Dest header"),
    (533, b"Referer", None, "Should not have Referer"),
    (534, b"Origin", None, "Should not have Origin"),
    (535, b"Sec-Fetch-Mode", b"no-cors", "Wrong Sec-Fetch-Mode header"),
    (536, b"Sec-Fetch-Site", b"cross-site", "Wrong Sec-Fetch-Site header"),
  )
  for status, name, required, message in header_rules:
    seen = request.headers.get(name)
    rejected = bool(seen) if required is None else seen != required
    if rejected:
      return (status, [], message)

  response.headers.set(b"Content-Type", b"application/json")

  if requested_format:
    try:
      format_type = requested_format.decode()
    except (UnicodeDecodeError, AttributeError):
      format_type = str(requested_format)

    bodies = {
      # Both endpoints, as absolute URLs on this origin.
      "direct": (
        '\n'
        '{{\n'
        '  "accounts_endpoint": "{0}/fedcm/support/accounts.py",\n'
        '  "login_url": "{0}/fedcm/support/login.html"\n'
        '}}\n'
      ).format(base_url),
      # Both endpoints present but empty strings.
      "empty": (
        '\n'
        '{\n'
        '  "accounts_endpoint": "",\n'
        '  "login_url": ""\n'
        '}\n'
      ),
      # Neither endpoint present.
      "missing": (
        '\n'
        '{\n'
        '}\n'
      ),
      # accounts_endpoint only.
      "partial_accounts": (
        '\n'
        '{{\n'
        '  "accounts_endpoint": "{0}/fedcm/support/accounts.py"\n'
        '}}\n'
      ).format(base_url),
      # login_url only.
      "partial_login": (
        '\n'
        '{{\n'
        '  "login_url": "{0}/fedcm/support/login.html"\n'
        '}}\n'
      ).format(base_url),
    }
    if format_type in bodies:
      return bodies[format_type]

  # No format requested, or an unrecognised one: the provider_urls list.
  # NOTE(review): manifest_url is inserted into the JSON text unescaped.
  return (
    '\n'
    '{{\n'
    '  "provider_urls": [\n'
    '    "{0}"\n'
    '  ]\n'
    '}}\n'
  ).format(manifest_url)