HelloZeroNet / ZeroNet

ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network
https://zeronet.io

Zeronet UI does not work without HTTP Accept header #1346

Open ValdikSS opened 6 years ago

ValdikSS commented 6 years ago

Step 1: Please describe your environment

Step 2: Describe the problem:

Zeronet UI expects the HTTP Accept header to contain at least text/html. I2P tunnels remove the Accept header from the request, which makes it impossible to access Zeronet due to the following check: https://github.com/HelloZeroNet/ZeroNet/blob/master/src/Ui/UiRequest.py#L283

Steps to reproduce:

  1. Send an HTTP request without the Accept HTTP header to the Zeronet UI address

Observed Results:

Zeronet returns an HTTP 403 "Invalid Accept header to load wrapper" error.

Expected Results:

Zeronet ignores the absence of the HTTP Accept header and continues to work.

purplesyringa commented 6 years ago

Well, @ValdikSS, this check was added to protect against the <img src="/fdgkjdhgjfd"> attack. Normal HTTP requests send text/html as Accept, while img tags don't.

ValdikSS commented 6 years ago

Do I understand correctly that this is done to prevent deanonymization of Zeronet users from the usual internet websites? If Zeronet would serve the content when the Accept header is completely missing, would that bring additional issues?

purplesyringa commented 6 years ago

@ValdikSS Yes, for example, other sites could trigger a site download by adding an <img src="/Talk.ZeroNetwork.bit/"> tag that will download ZeroTalk.
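
The trade-off discussed in this thread, as an added sketch that is not ZeroNet's own code: a strict Accept gate that admits a browser navigation, rejects an img-style subresource request, and for the same reason rejects a request whose Accept header was stripped. The function names, the WSGI-style environ dict and the sample header values are assumptions made for illustration.

```python
def parse_accept(header):
    """Map each media range in an Accept header value to its q weight."""
    ranges = {}
    for part in (header or "").split(","):
        fields = [f.strip() for f in part.split(";")]
        media_type = fields[0].lower()
        if not media_type:
            continue
        q = 1.0
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value.strip())
                except ValueError:
                    q = 0.0  # malformed weight: treat as not acceptable
        ranges[media_type] = q
    return ranges


def wrapper_allowed(environ):
    """True only when the client explicitly lists text/html with q > 0.

    Wildcards (*/*, text/*) are deliberately not matched: an <img> subresource
    request typically sends image types plus */*, so honouring wildcards would
    let a third-party page load the wrapper. A missing header also fails.
    """
    return parse_accept(environ.get("HTTP_ACCEPT")).get("text/html", 0.0) > 0.0


def handle_wrapper(environ):
    """Return (status, body) for a wrapper request; environ is WSGI-style (assumed)."""
    if not wrapper_allowed(environ):
        return 403, "Invalid Accept header to load wrapper"
    return 200, "<wrapper html>"


# Constructed sample requests; header values are typical, not captured traffic.
SAMPLES = {
    "navigation": {"HTTP_ACCEPT": "text/html,application/xhtml+xml,*/*;q=0.8"},
    "img tag": {"HTTP_ACCEPT": "image/avif,image/webp,image/*,*/*;q=0.8"},
    "header stripped": {},  # the I2P tunnel case reported in this issue
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(name, handle_wrapper(env)[0])
```

Because the gate cannot tell a stripped header from a subresource request that never asked for HTML, serving the wrapper when Accept is absent would also require some other signal that the request is a top-level navigation.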