Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Whitelist and Blacklist editing #88

Merged
merged 20 commits into from
May 26, 2016
Merged

Whitelist and Blacklist editing #88

merged 20 commits into from
May 26, 2016

Conversation

AzureMarker
Copy link
Contributor

@AzureMarker AzureMarker commented May 8, 2016
edited
Loading

Changes proposed in this pull request:

  • Add Whitelist and Blacklist pages to allow list editing from the web interface. This relies on #469 on the other repo.
  • The security of the lists are maintained by using CSRF tokens and CORS headers.

@pi-hole/dashboard

@AzureMarker
Remove password functionality
4d6ec1c 
After the change to 0.0.0.0 there will
be no need for a password
@AzureMarker
Update list editing commands
b3d3e15 
Updates from using `whitelist.sh` and `blacklist.sh` to
using `pihole`. Currently includes sudo in command, but
after the scripts get updated with sudo checking that
should not be needed.
@AzureMarker
Merge branch 'devel' into whitelist
62f7b37 
Conflicts:
	list.php
	php/add.php
	php/sub.php
@AzureMarker
Add back side links for list editing
d4838fe
@AzureMarker
Implement CSRF token for list editing
283f4b7
@AzureMarker
Implement CORS
05e7ebe 
Only allows requests from http://pi.hole and http://<Pi's IP>
This was referenced May 8, 2016
Merged
Closed
@AzureMarker
Possible fix for incorrect token
d38486f 
It appears that sometimes the first time you open the page,
the token is not synced correctly or something, causing
the CSRF check to fail. Starting the session before any
HTML is outputted seems to be a recommended first step to
troubleshooting PHP session errors. I have tried to test
this fix, but right now I don't know exactly what triggers
the error.
@AzureMarker
Change Blacklist icon to fa-ban
ea0eedc
@AzureMarker
Possible fix for FireFox and IE
8a33af6 
Both failed CORS as both browsers, unlike Chrome,
do not send `Origin` headers for same-origin requests.
Now the scripts check if the `Host` header equals
the IP of the Pi-hole. IE may require more fixing,
as it's IE. :P
@AzureMarker
Complete the fix
0e44f7b 
This fixes the fix. I still needed to account for
`pi.hole` as a Host value.
@AzureMarker
Return correct CORS header for Host
7067473 
If only Host was correct (FireFox and IE only set Host
for same-origin requests) then it would still use the
empty Origin header for the CORS response, leading to
`Access-Control-Allow-Origin: `
@AzureMarker
Turn off caching for jQuery AJAX calls
66d354d 
IE would cache the list contents, so that if you
updated the list it would not show up as changed.
@AzureMarker
Convert commands to jQuery
3a6e6b1 
Mainly changed from `document.getElementById("something")` to
`$(#something)`. Also changed the html and hide/show functions
as a result of the change.
@AzureMarker
Clear domain input on success
a951259
@AzureMarker
Add domain on enter button keypress
c69b434 
Only activates when the input has focus.
@AzureMarker
Add close button to alerts
0aabc01 
They will pop back up again if you add another domain.
@AzureMarker
Fade alerts and add animation to refresh
82e92e9
@AzureMarker
Fix fade in bug on empty list
2ef1e3a 
If the list became empty, the "Your $list is empty!"
message would not pop up, since the fadeIn call is
out of that scope.
@AzureMarker
Merge branch 'devel' into whitelist
d621795
@AzureMarker
Adjust to CSP
a80d752
@AzureMarker AzureMarker merged commit fc85714 into devel May 26, 2016
@AzureMarker AzureMarker deleted the whitelist branch May 26, 2016 22:47
@AzureMarker AzureMarker mentioned this pull request May 26, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Enhancement Requires Testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AzureMarker