The Access-Control-Allow-Origin header has only relevance, when a resource is loaded from an external host, so one that does not match the host of the primary loaded website. As the fonts are reasonably loaded via local URLs without hostname or scheme from the blocking page style sheet, they are never seen as external resources, regardless whether the blocking page is shown to the browser from a blocked domain or from the Pi-hole domain/IP.
For reference: https://github.com/pi-hole/pi-hole/issues/3462
Signed-off-by: MichaIng <micha@dietpi.com>
* Add switching 'to...from' message to ftl checkout output
Signed-off-by: Christian König <ckoenig@posteo.de>
* Add quotes
Signed-off-by: Christian König <ckoenig@posteo.de>
* Add uptime to debug log
Signed-off-by: Christian König <ckoenig@posteo.de>
* Address github comments
Signed-off-by: Christian König <ckoenig@posteo.de>
Make this script a bourne shell script, which requires the removal of only a single bashism, the "{n..m}" expansion. Furthermore, since POSIX echo has no reliable command line options, switch to printf when line breaks shall be omitted. On most distros/setups "sh" calls a much lighter bourne shell like dash, which inits and runs much faster than bash.
Remove unused PIDFILE variable, remove the single case of FTLUSER call and remove it as well. Using variables here might give the wrong impression that there is a change these can be varied. But both are hardcoded in many places throughout Pi-hole, so in this service script.
Consolidate and merge the commands to pre-create and set permissions for required files and directories. The /var/log/pihole directory is and was never used, the touch, chmod and chown call can be merged into one each to reduce overhead. Use "-f" option to to fail on missing database files instead of redirecting STDERR, which is otherwise helpful to debug other possible errors, like missing or corrupted commands, filesystem errors and such.
Do not use "which pihole-FTL" when setting capabilities when the hardcoded path /usr/bin/pihole-FTL is used for the actual daemon call. It makes sense to use the full path here, as the Pi-hole installer and updater installs it explicitly there, and so we prevent users from e.g. overriding it via /usr/local/bin/pihole-FTL too easily.
On pgrep and pkill calls, add the "-x" flag to assure that only "pihole-FTL" is matched and not "foo-pihole-FTL" or "pihole-FTL-bar".
Do not remove possible leftovers from previous pihole-FTL processes on start, but on stop instead. Since "start" includes a proceeding "stop" as well, on service start nothing changes, but on service stop, some resources are now freed.
Remove leading "$" from usage message. In bash this was omitted, as $'...' is a special syntax for escape sequence expansion, which is not applicable here. In dash it would be printed literally. To keep previous behaviour, it is hence removed.
Signed-off-by: MichaIng <micha@dietpi.com>
* Aligned pihole logo to center, Fixed responsive issue
* removed duplicate instance of #splashpage
Signed-off-by: Dany Gauthier <danygauthier57@yahoo.ca>
The CLI and the UI should do the same to be able to add/remove the same
records via any supported interface.
Signed-off-by: Andras Tim <andras.tim@gmail.com>
Already existing regex validation will be used on url after removing @ (in case
its in separating userinfo and host).
Signed-off-by: Matej Dujava <mdujava@kocurkovo.cz>
Fixes: https://github.com/pi-hole/pi-hole/issues/3911
Fixes: 7d19ee1b: validate blocklist URL before adding to the database (#3237)
After some email discussion with Adam, there is a preference to also prevent $splashPage from using variables
Signed-off-by: craigmayhew <craig@mayhew.io>
Found below by accident:
```
pi@ph5:~ $ man dnsmasq
[..]
--dns-loop-detect
Enable code to detect DNS forwarding loops; ie the situa‐
tion where a query sent to one of the upstream server
eventually returns as a new query to the dnsmasq instance.
The process works by generating TXT queries of the form
<hex>.test and sending them to each upstream server. The
hex is a UID which encodes the instance of dnsmasq sending
the query and the upstream server to which it was sent. If
the query returns to the server which sent it, then the
upstream server through which it was sent is disabled and
this event is logged. Each time the set of upstream
servers changes, the test is re-run on all of them, in‐
cluding ones which were previously disabled.
```
Seems to work just fine if I point my router 10.0.0.1 back to Pi-hole in the WAN DNS settings:
```
pi@ph5:~ $ grep server= -R /etc/dnsmasq.*
/etc/dnsmasq.d/01-pihole.conf:server=9.9.9.10
/etc/dnsmasq.d/01-pihole.conf:server=149.112.112.10
/etc/dnsmasq.d/01-pihole.conf:server=10.0.0.1
/etc/dnsmasq.d/01-pihole.conf:rev-server=10.0.0.0/24,10.0.0.2
/etc/dnsmasq.d/01-pihole.conf:server=/dehakkelaar.nl/10.0.0.2
/etc/dnsmasq.d/01-pihole.conf:server=/use-application-dns.net/
```
```
pi@ph5:~ $ sudo tee /etc/dnsmasq.d/99-my-settings.conf <<< $'dns-loop-detect'
dns-loop-detect
```
```
pi@ph5:~ $ pihole restartdns
[✓] Restarting DNS server
```
```
pi@ph5:~ $ tail -F /var/log/pihole.log
[..]
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 10.0.0.2#53 for domain dehakkelaar.nl
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 10.0.0.2#53 for domain 0.0.10.in-addr.arpa
Oct 22 18:17:41 dnsmasq[17301]: NOT using nameserver 10.0.0.1#53 - query loop detected
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 149.112.112.10#53
Oct 22 18:17:41 dnsmasq[17301]: using nameserver 9.9.9.10#53
```