tor-browser

The Tor Browser

permissions.py (2263B)


      1 """Methods for the interest group cross-origin permissions endpoint."""
      2 import json
      3 import re
      4 
      5 from fledge.tentative.resources import fledge_http_server_util
      6 
# First-label values of the host name that get_permissions() recognises.
# Any other first label (including a host with no subdomain) is answered
# with a 404.
SUBDOMAIN_WWW = "www"
SUBDOMAIN_WWW1 = "www1"
SUBDOMAIN_WWW2 = "www2"

# The non-ASCII labels are stored in their IDNA (ASCII-compatible) form.
# NOTE(review): presumably this is the form in which the host appears in
# request.url_parts.netloc, so a plain string comparison works -- confirm.
SUBDOMAIN_FRENCH = "élève".encode("idna").decode()
SUBDOMAIN_JAPANESE = "天気の良い日".encode("idna").decode()

# Allowlist of every label that yields a 200 response.
ALL_SUBDOMAINS = [
    SUBDOMAIN_WWW,
    SUBDOMAIN_WWW1,
    SUBDOMAIN_WWW2,
    SUBDOMAIN_FRENCH,
    SUBDOMAIN_JAPANESE,
]
     14 
def get_permissions(request, response):
    """Serve the interest group cross-origin permissions document as JSON.

    The structure returned is described in more detail at
    https://github.com/WICG/turtledove/blob/main/FLEDGE.md#13-permission-delegation.
    Requests issued in CORS mode are handled by delegating to
    fledge_http_server_util.handle_cors_headers_fail_if_preflight; when that
    helper returns a truthy value nothing further is written here.

    This .well-known is fetched at the origin of the interest group's owner,
    and carries as a URL parameter the origin of the frame that is attempting
    to join or leave that interest group.

    The frame origin is ignored altogether. Which operations are allowed
    depends strictly on the origin of the interest group owner, specifically
    on the first label (subdomain) of that origin. wptserve serves each of
    its two domains at both the raw domain and each of five subdomains:

    - www: disallows both join and leave
    - www1: allows join, but not leave
    - www2: allows leave, but not join
    - 天気の良い日 / élève: allow both join and leave
    - anything else (including no subdomain): returns a 404

    Review note: because the frame origin is never consulted, every caller
    that reaches a given host receives the same grant. That is a property of
    this test handler only; a permissions endpoint that is meant to restrict
    delegation has to base its answer on the frame origin parameter.

    Args:
        request: wptserve request; only request.url_parts.netloc is read here.
        response: wptserve response; status, headers and content are set
            in place.

    Returns:
        None. The outcome is written to *response*.
    """
    preflight_or_cors_failure = (
        fledge_http_server_util.handle_cors_headers_fail_if_preflight(
            request, response))
    if preflight_or_cors_failure:
        return

    # Everything before the first "." of the netloc. When the netloc has no
    # dot the whole value (port included) is the label, which is not in the
    # allowlist and therefore ends in the 404 branch below.
    owner_label = request.url_parts.netloc.partition(".")[0]

    if owner_label not in ALL_SUBDOMAINS:
        response.status = (404, b"Not Found")
        response.content = "Not Found"
        return

    # The label is only compared against fixed constants; it is never echoed
    # back into the response body.
    join_allowed = owner_label in (
        SUBDOMAIN_WWW1, SUBDOMAIN_FRENCH, SUBDOMAIN_JAPANESE)
    leave_allowed = owner_label in (
        SUBDOMAIN_WWW2, SUBDOMAIN_FRENCH, SUBDOMAIN_JAPANESE)
    permissions = {
        "joinAdInterestGroup": join_allowed,
        "leaveAdInterestGroup": leave_allowed,
    }

    response.status = (200, b"OK")
    response.headers.set(b"Content-Type", b"application/json")
    response.content = json.dumps(permissions)