From b103e09a5e4f72c9224f1c605e4caf06333cf0d9 Mon Sep 17 00:00:00 2001 From: Damien Elmes Date: Fri, 8 Dec 2023 12:43:09 +1000 Subject: [PATCH] Fix non-local .html testing --- qt/aqt/mediasrv.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/qt/aqt/mediasrv.py b/qt/aqt/mediasrv.py index d18d128ae..8cb6a55cb 100644 --- a/qt/aqt/mediasrv.py +++ b/qt/aqt/mediasrv.py @@ -289,9 +289,10 @@ def handle_request(pathin: str) -> Response: allowed_prefixes = ("127.0.0.1:", "localhost:", "[::1]:") if not any(host.startswith(prefix) for prefix in allowed_prefixes): # while we only bind to localhost, this request may have come from a local browser - # via a DNS rebinding attack - print("deny non-local host", host) - abort(403) + # via a DNS rebinding attack; deny it unless we're doing non-local testing + if os.environ.get("ANKI_API_HOST") != "0.0.0.0": + print("deny non-local host", host) + abort(403) req = _extract_request(pathin) if dev_mode: