diff --git a/app.yaml b/app.yaml index 47435b52..ee655e45 100644 --- a/app.yaml +++ b/app.yaml @@ -1,5 +1,3 @@ -application: glowscript -version: 1 runtime: python27 api_version: 1 threadsafe: true diff --git a/ide/api.py b/ide/api.py index 5ba3ffe3..8b9f20cb 100644 --- a/ide/api.py +++ b/ide/api.py @@ -29,7 +29,7 @@ localport = '8080' # normally 8080 website = 'glowscript' # normally glowscript -weblocs = ["www."+website+".org", website+".org", "localhost:"+localport] +weblocs = ["www."+website+".org", website+".org", "localhost:"+localport,'-glowscript-py38.uc.r.appspot.com'] import webapp2 as web # docs at https://webapp2.readthedocs.io/en/latest/ # Also see RequestHandler docs at https://webapp2.readthedocs.io/en/latest/api/webapp2.html#webapp2.RequestHandler @@ -99,9 +99,16 @@ def validate(self, *names): return True def authorize(self): + host = self.request.headers['Host'] + hlist = host.split('dot') + if len(hlist) > 1: + if hlist[1] in weblocs: + return True + if self.request.headers['Host'] not in weblocs: self.error(403) return False + return True def authorize_user(self, username): diff --git a/ide/ide.js b/ide/ide.js index 27b45537..cd3d2961 100644 --- a/ide/ide.js +++ b/ide/ide.js @@ -909,6 +909,7 @@ $(function () { var untrusted_src = "https://sandbox."+website+".org/untrusted/run.html" var untrusted_origin = "https://sandbox."+website+".org" + var devdomain = "-glowscript-py38.uc.r.appspot.com" // for testing pre-deployment instances only var ready = false try { @@ -924,6 +925,9 @@ $(function () { } else if (document.domain == "localhost") { untrusted_origin = "http://" + window.location.host untrusted_src = "/untrusted/run.html" + } else if (document.domain.slice(-devdomain.length) == devdomain) { + untrusted_origin = window.location.origin + untrusted_src = "/untrusted/run.html" } } catch (err) { window.console && console.log("Error checking for developer-only settings: ", err) diff --git a/index.yaml b/index.yaml new file mode 100644 index 00000000..36e4583d --- /dev/null +++ b/index.yaml @@ -0,0 +1,8 @@ +indexes: +# AUTOGENERATED + +# This index.yaml is automatically updated whenever the Cloud Datastore +# emulator detects that a new type of query is run. If you want to manage the +# index.yaml file manually, remove the "# AUTOGENERATED" marker line above. +# If you want to manage some indexes manually, move them above the marker line. + diff --git a/untrusted/run.js b/untrusted/run.js index c16cb405..401c0a57 100755 --- a/untrusted/run.js +++ b/untrusted/run.js @@ -3,7 +3,11 @@ var localport = '8080' // normally 8080 var website = 'glowscript' // normally glowscript var runloc = (document.domain == "localhost") ? "http" : "https" -var weblocs = ["https://"+website+".org", "https://www."+website+".org", runloc+"://localhost:"+localport] +var weblocs = ["https://"+website+".org", "https://www."+website+".org", runloc+"://localhost:"+localport,] +var devdomain = "-glowscript-py38.uc.r.appspot.com" +if (document.domain.slice(-devdomain.length) == devdomain) { + weblocs.push(window.location.origin) +} window.glowscript_libraries = { // used for unpackaged (X.Ydev) version run: [