diff options
author | Justin Clark-Casey (justincc) | 2015-03-04 17:43:00 +0000 |
---|---|---|
committer | Justin Clark-Casey (justincc) | 2015-03-04 18:27:50 +0000 |
commit | 7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda (patch) | |
tree | e50126a4e6c23ac747bf0842774538dc731d2d85 /OpenSim/Region/Framework | |
parent | usability fixes for LSL API (diff) | |
download | opensim-SC-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.zip opensim-SC-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.gz opensim-SC-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.bz2 opensim-SC-7d3bafd5abf22f5c1ea3c3d8918d9b8177693bda.tar.xz |
Add outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() script functions.
This is to address an issue where HTTP script functions could make calls to localhost and other endpoints inside the simulator's LAN.
By default, calls to all private addresses are now blocked as per http://en.wikipedia.org/wiki/Reserved_IP_addresses
If you require exceptions to this, configure [Network] OutboundDisallowForUserScriptsExcept in OpenSim.ini
Diffstat (limited to '')
-rw-r--r-- | OpenSim/Region/Framework/Interfaces/IHttpRequests.cs | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/OpenSim/Region/Framework/Interfaces/IHttpRequests.cs b/OpenSim/Region/Framework/Interfaces/IHttpRequests.cs index 113dcd7..124504c 100644 --- a/OpenSim/Region/Framework/Interfaces/IHttpRequests.cs +++ b/OpenSim/Region/Framework/Interfaces/IHttpRequests.cs | |||
@@ -25,6 +25,7 @@ | |||
25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 | */ | 26 | */ |
27 | 27 | ||
28 | using System; | ||
28 | using System.Collections.Generic; | 29 | using System.Collections.Generic; |
29 | using OpenMetaverse; | 30 | using OpenMetaverse; |
30 | 31 | ||
@@ -41,10 +42,44 @@ namespace OpenSim.Region.Framework.Interfaces | |||
41 | HTTP_PRAGMA_NO_CACHE = 6 | 42 | HTTP_PRAGMA_NO_CACHE = 6 |
42 | } | 43 | } |
43 | 44 | ||
45 | /// <summary> | ||
46 | /// The initial status of the request before it is placed on the wire. | ||
47 | /// </summary> | ||
48 | /// <remarks> | ||
49 | /// The request may still fail later on, in which case the normal HTTP status is set. | ||
50 | /// </remarks> | ||
51 | [Flags] | ||
52 | public enum HttpInitialRequestStatus | ||
53 | { | ||
54 | OK = 1, | ||
55 | DISALLOWED_BY_FILTER = 2 | ||
56 | } | ||
57 | |||
44 | public interface IHttpRequestModule | 58 | public interface IHttpRequestModule |
45 | { | 59 | { |
46 | UUID MakeHttpRequest(string url, string parameters, string body); | 60 | UUID MakeHttpRequest(string url, string parameters, string body); |
47 | UUID StartHttpRequest(uint localID, UUID itemID, string url, List<string> parameters, Dictionary<string, string> headers, string body); | 61 | |
62 | /// <summary> | ||
63 | /// Starts the http request. | ||
64 | /// </summary> | ||
65 | /// <remarks> | ||
66 | /// This is carried out asynchronously unless it fails initial checks. Results are fetched by the script engine | ||
67 | /// HTTP requests module to be distributed back to scripts via a script event. | ||
68 | /// </remarks> | ||
69 | /// <returns>The ID of the request. If the requested could not be performed then this is UUID.Zero</returns> | ||
70 | /// <param name="localID">Local ID of the object containing the script making the request.</param> | ||
71 | /// <param name="itemID">Item ID of the script making the request.</param> | ||
72 | /// <param name="url">Url to request.</param> | ||
73 | /// <param name="parameters">LSL parameters for the request.</param> | ||
74 | /// <param name="headers">Extra headers for the request.</param> | ||
75 | /// <param name="body">Body of the request.</param> | ||
76 | /// <param name="status"> | ||
77 | /// Initial status of the request. If OK then the request is actually made to the URL. Subsequent status is | ||
78 | /// then returned via IServiceRequest when the response is asynchronously fetched. | ||
79 | /// </param> | ||
80 | UUID StartHttpRequest( | ||
81 | uint localID, UUID itemID, string url, List<string> parameters, Dictionary<string, string> headers, string body, | ||
82 | out HttpInitialRequestStatus status); | ||
48 | 83 | ||
49 | /// <summary> | 84 | /// <summary> |
50 | /// Stop and remove all http requests for the given script. | 85 | /// Stop and remove all http requests for the given script. |