Fadi002
diff --git a/‎dist/pywire_eel-0.1.0-py3-none-any.whl‎
-22 KB b/‎dist/pywire_eel-0.1.0-py3-none-any.whl‎
-22 KB
diff --git a/‎dist/pywire_eel-0.1.0.tar.gz‎
-21.5 KB b/‎dist/pywire_eel-0.1.0.tar.gz‎
-21.5 KB
diff --git a/‎dist/pywire_eel-0.1.1-py3-none-any.whl‎
22.3 KB b/‎dist/pywire_eel-0.1.1-py3-none-any.whl‎
22.3 KB
diff --git a/‎dist/pywire_eel-0.1.1.tar.gz‎
21.8 KB b/‎dist/pywire_eel-0.1.1.tar.gz‎
21.8 KB
diff --git a/‎pyproject.toml‎
Lines changed: 1 addition & 1 deletion b/‎pyproject.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎pywire/bridge.py‎
Lines changed: 3 additions & 1 deletion b/‎pywire/bridge.py‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎pywire/browser.py‎
Lines changed: 4 additions & 1 deletion b/‎pywire/browser.py‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎pywire/security.py‎
Lines changed: 17 additions & 2 deletions b/‎pywire/security.py‎
Lines changed: 17 additions & 2 deletions
diff --git a/‎pywire/server.py‎
Lines changed: 12 additions & 0 deletions b/‎pywire/server.py‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎pywire_eel.egg-info/PKG-INFO‎
Lines changed: 1 addition & 1 deletion b/‎pywire_eel.egg-info/PKG-INFO‎
Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "pywire-eel"
-version = "0.1.0"
+version = "0.1.1"
 description = "PyWire is a lightweight Python library that allows you to create simple desktop GUI applications using HTML, CSS, and JavaScript, while giving full access to Python’s functionality and libraries."
 authors = [
     { name = "Fadi002"}
 
@@ -5,6 +5,7 @@
 import sys
 from typing import Dict, Any, Callable, Optional, List
 from .server import HTTPServerThread, WSServerThread
+from .security import SecurityConfig
 from .utils import PortManager, Logger, MessageQueue
 from .browser import BrowserDetector, BrowserLauncher
 
@@ -93,7 +94,8 @@ def _start_servers(self):
 
         self.ws_server = WSServerThread(
             port=self.ws_port,
-            bridge=self
+            bridge=self,
+            security_config=SecurityConfig(http_port=self.http_port)
         )
         self.ws_server.daemon = True
         self.ws_server.start()
 
@@ -640,7 +640,10 @@ def _launch_edge_controlled(self, url: str, mode: str, size: tuple, position: tu
             '--disable-features=TranslateUI',
             '--enable-automation',
             '--disable-sync',
-            '--disable-extensions'
+            '--disable-extensions',
+            "--allow-insecure-localhost",
+            "--disable-site-isolation-trials",
+            "--allow-running-insecure-content"
         ])
 
         if mode == 'app':
 
@@ -40,10 +40,25 @@ def validate_args(self, args: List[Any]) -> List[Any]:
 class SecurityConfig:
     """Simplified security configuration."""
 
-    def __init__(self):
+    def __init__(self, http_port: int = None):
         self.enable_input_validation = True
         self.max_message_size = 1024 * 1024  # 1MB
-        self.allowed_origins = ['http://localhost', 'http://127.0.0.1']
+        self.http_port = http_port
+        self.allowed_origins = {
+            "http://127.0.0.1:<server_port>",
+            "http://localhost:<server_port>",
+        }
+
+    def is_origin_allowed(self, origin: str) -> bool:
+        """Check if the Origin header value is allowed."""
+        if not isinstance(origin, str) or not origin:
+            return False
+        if self.http_port is not None:
+            expected1 = f"http://localhost:{self.http_port}"
+            expected2 = f"http://127.0.0.1:{self.http_port}"
+            return origin == expected1 or origin == expected2
+        pattern = r'^http://(localhost|127\.0\.0\.1)(:\\d+)?$'
+        return re.match(pattern, origin) is not None
 
     def update(self, **kwargs):
         """Update security configuration."""
 
@@ -159,6 +159,7 @@ def __init__(self, port=8001, bridge=None, security_config=None):
         self.logger = Logger("WebSocket")
         self.security_manager = SecurityManager()
         self.input_validator = InputValidator()
+        self.security_config = security_config or SecurityConfig()
         # Use the bridge's message queue instead of creating a new one
         self.message_queue = bridge.message_queue if bridge else MessageQueue()
         self.server_socket = None
@@ -323,6 +324,17 @@ def handshake(self, client_socket) -> bool:
                 if header not in headers or headers[header].lower() != expected_value.lower():
                     return False
 
+            origin = headers.get('origin')
+            if origin:
+                if not self.security_config.is_origin_allowed(origin):
+                    response = (
+                        'HTTP/1.1 403 Forbidden\r\n'
+                        'Content-Length: 0\r\n'
+                        '\r\n'
+                    )
+                    client_socket.send(response.encode())
+                    return False
+
             # Get WebSocket key
             ws_key = headers.get('sec-websocket-key')
             if not ws_key:
 
@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pywire-eel
-Version: 0.1.0
+Version: 0.1.1
 Summary: PyWire is a lightweight Python library that allows you to create simple desktop GUI applications using HTML, CSS, and JavaScript, while giving full access to Python’s functionality and libraries.
 Home-page: https://github.com/Fadi002/pywire-eel
 Author: Fadi002