From 2ec338341eebdac1ed7c191dc63ce9424de42cd0 Mon Sep 17 00:00:00 2001
From: antelle
Date: Tue, 23 May 2017 23:38:03 +0200
Subject: [PATCH] keewebhttp: drop malicious requests
---
 docs/plugins/keewebhttp/manifest.json | 2 +-
 docs/plugins/keewebhttp/plugin.js | 14 ++++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/docs/plugins/keewebhttp/manifest.json b/docs/plugins/keewebhttp/manifest.json
index 42d8fd4..f331dfe 100644
--- a/docs/plugins/keewebhttp/manifest.json
+++ b/docs/plugins/keewebhttp/manifest.json
@@ -11,7 +11,7 @@
 "licence": "MIT",
 "url": "https://plugins.keeweb.info/plugins/keewebhttp",
 "resources": {
- "js": "iTzPUSfTwTOP0zjeZHi8xNzmEg357fHuBQ4kHDlFqu4Svn5tZoseSm/XI9rscKnM5EudOAKhsJfck6Z0N3hTw3Ih3LAYlik6ltpI6P1hU0KP0j9L6bcrCndEoH/BZy7iaJiZqIvQHoRy7NHNf26Bbq6W4VO1bBcx8sH3H7GnaQEGHj2zS68KRTDwVR2QIErLTtOQvwuiSZCUwyZYilvDIM1wGcKi6TDzSz38MHNIyx4X/n7uHV63ToZSB6ipcF6HpoAKGkXKBWaXosqy3LoDPAzif5EZzv7JQGB2dAtpOoq2G5grUA5YZrIQ/SSNfREWUDom7Xj1HCNb59RxViOR+Q=="
+ "js": "LOKItHFTqpYOrqC5L7/P75w7r1sBMl1ZSGIdta3ifcIOQ7BJKAIH1cMNtjGuMIVZWLM7w3APjLwoeQ3pBzw91m09yGeBFY/aMQimVUJ9HV/NKls7YZN48sBtkkdR5ByIXSxniDbHsUIQJgOeTsNyDPy9jCN3tko/jO9tNG4cSgB5O77A0OYVZEbV8MtKwGgr6MNGG4mRdg+dN/23Xd+O8zgFrqCADXUjnMAQ+13y0upnIPbO6Ory1Ou7vtzssqSIpakkpxvnGqV/S25lxzLsdwtqQZRGJB4RJrY1SiB6FjZT0YuN1LqfugWEyIRbeyzdNMo7oCEiwfGR7vFnODq3kg=="
 },
 "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oZB2Kt7AzRFNqf8FuO3C3kepHPAIQYiDPYdQxHcsiaFCwyKVx6K1cE/3vBhb8/2rj+QIIWNfAAuu1Y+2VK90ZBeq6HciukWzQRO/HWhfdy0c7JwDAslmyGI5olj0ZQkNLhkde1MiMxjDPpRhZtdJaryVO5cFJaJESpv3dV6m0qXsaQCluWYOSNfSjP9C8o2zRVjSi3ZQZnZIV5pnk9K2MtlZIPXrN9iJiM5zZ9DTSnqApI6dC9mX4R3LvGN+GTovm9C8Crl+qb106nGRR3LcweicDnPyMtZLa/E0DBpWYxUVLDp6WeLhxoUBr+6+t3Xp9IDnPoANDQXJXD0f1vQxQIDAQAB",
 "desktop": true,
diff --git a/docs/plugins/keewebhttp/plugin.js b/docs/plugins/keewebhttp/plugin.js
index 8e10a0b..f74c41f 100644
--- a/docs/plugins/keewebhttp/plugin.js
+++ b/docs/plugins/keewebhttp/plugin.js
@@ -52,6 +52,16 @@ function run() {
 return;
 }
 server = http.createServer((req, res) => {
+ const origin = req.headers.origin;
+ const referer = req.headers.referrer || req.headers.referer;
+ if (req.method !== 'POST' || referer || origin && !origin.startsWith('chrome-extension://')) {
+ if (DebugMode) {
+ logger.debug('Request dropped', req.method, req.url, req.headers);
+ }
+ req.client.destroy();
+ res.end();
+ return;
+ }
 if (req.method === 'POST') {
 const body = [];
 req.on('data', data => body.push(data));
@@ -71,10 +81,6 @@ function run() {
 res.end(response);
 });
 });
- } else {
- res.statusCode = 200;
- res.setHeader('Content-Type', 'text/plain');
- res.end('Hey dude, you should POST here!');
 }
 });
 const port = 19455;
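Review bot: The guard added at the top of the `http.createServer` callback (first plugin.js hunk) fails open when a request carries neither `Origin` nor `Referer`: `origin && !origin.startsWith(...)` is falsy for a missing header, and a sending page can suppress `Referer` through its referrer policy, so the filter holds only as long as the browser attaches `Origin` to every cross-site POST. If clients that send no `Origin` do not have to be supported (not visible from this hunk), reject the missing header as well, `if (req.method !== 'POST' || referer || !origin || !origin.startsWith('chrome-extension://')) {`; otherwise add a comment above the check such as `// Requests without Origin and Referer are accepted on purpose (non-browser clients).` so the assumption is explicit. The prefix test also admits any Chrome extension rather than the expected one; comparing against a configured origin (placeholder `chrome-extension://<EXPECTED_EXTENSION_ID>`) would be tighter. After this guard the following `if (req.method === 'POST')` is always true and can be unwrapped; `run()` starts and ends outside the hunk.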