From 29d61ca634aeccbe2c8f007c8cfeed4001cdeeff Mon Sep 17 00:00:00 2001 From: Steve Johnson Date: Sat, 14 Jan 2017 00:11:56 -0800 Subject: [PATCH] web.exclude_paths_from_items option More exclude_paths_from_items --- beetsplug/web/__init__.py | 9 ++++++++- docs/plugins/web.rst | 2 ++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/beetsplug/web/__init__.py b/beetsplug/web/__init__.py index e7b9ec81f..05872f6d2 100644 --- a/beetsplug/web/__init__.py +++ b/beetsplug/web/__init__.py @@ -37,7 +37,10 @@ def _rep(obj, expand=False): out = dict(obj) if isinstance(obj, beets.library.Item): - del out['path'] + if app.config['exclude_paths_from_items']: + del out['path'] + else: + out['path'] = out['path'].decode('utf-8') # Get the size (in bytes) of the backing file. This is useful # for the Tomahawk resolver API. @@ -309,6 +312,7 @@ class WebPlugin(BeetsPlugin): 'host': u'127.0.0.1', 'port': 8337, 'cors': '', + 'exclude_paths_from_items': True, }) def commands(self): @@ -327,6 +331,9 @@ class WebPlugin(BeetsPlugin): # Normalizes json output app.config['JSONIFY_PRETTYPRINT_REGULAR'] = False + app.config['exclude_paths_from_items'] = ( + self.config['exclude_paths_from_items']) + # Enable CORS if required. if self.config['cors']: self._log.info(u'Enabling CORS with origin: {0}', diff --git a/docs/plugins/web.rst b/docs/plugins/web.rst index f4ae063e0..45000dc26 100644 --- a/docs/plugins/web.rst +++ b/docs/plugins/web.rst @@ -63,6 +63,8 @@ configuration file. The available options are: Default: 8337. - **cors**: The CORS allowed origin (see :ref:`web-cors`, below). Default: CORS is disabled. +- **exclude_paths_from_items**: The 'path' key of items is filtered out of JSON + responses for security reasons. Default: true. Implementation --------------