Query the detected url and make sure it redirects to the
expected url. This closes a security vulnerability
where a remote could be changed to an arbitrary repo's url.
The `moved_origin` option is no longer necessary, however it
is currently used as an additional check. In the future it will be
deprecated.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Close a security hole where an attacker could overwrite an existing repo
with any remote and run malicious code through an update.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
If the supplied python executable is a symbolic link attempt
to read the location at which it points. If this is a virtualenv
this should give us the correct pip location.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This adds initial support for connecting Moonraker to the SimplyPrint
service. Currently the connection defaults to SimplyPrint's dev/test
endpoint, this will be changed prior to official release.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
It's possible for any component to request a configuration
option from another component. Don't overwrite the
initial value stored.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Process included files in the order they are added. This changes how
duplicate sections throughout included files are merged, options in
the last section to be parsed will take precedence.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
The webcam module allows users to enter webcam configuration through
moonraker.conf while keeping compatibility with frontends that
store webcam data in the database.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
In the future, an `Access-Control-Request-Private-Network` header will be sent with
these requests, and servers must respond with `Access-Control-Allow-Private-Network`.
This will start with the next Chrome version (104), and Mozilla has marked the
standard as "worth prototyping", which often leads to final implementation.
Signed-off-by: Franklyn Tackitt <git@frank.af>
Check for updates every 7 days rather than every 28 days. This
is in preparation of an upcoming beta release.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Python 3.10 deprecates "get_event_loop()", so it is necessary to
create a new loop and set it as active at startup. Previously
Moonraker only did this after a soft restart.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
For legacy purposes it's possible that "initialize()" may be an
awaitable. Ignore the type as it confuses mypy.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>