fixed starting multiple instances of extraQL

readme.md

@@ -14,6 +14,9 @@ c:\program files (x86)\Steam\SteamApps\workshop\content\282440\539252269
 Changelog
 =========
 
+Version 2.4.1
+- fixed starting multiple instances of extraQL
+
 Version 2.4
 - better error logging in case steam_api.dll could not be initialized
 - added /sn_suffix to append a text to the steam nickname

source/HttpServer.cs

@@ -266,19 +266,6 @@ private void HandleClientConnection(Stream stream)
           string conn;
           keepAlive = header.TryGetValue("Connection", out conn) && conn == "keep-alive";
 
-          // Check that the user agent is Awesomium and not a regular browser
-          // This should prevent abuse of extraQL URLs embedded in regular web pages
-          if (!bindToAllInterfaces)
-          {
-            string userAgent;
-            if (!header.TryGetValue("User-Agent", out userAgent) || !userAgent.Contains("Awesomium"))
-            {
-              var b = enc.GetBytes("HTTP/1.1 401 Unauthorized\r\n\r\nextraQL URLs may only be called from within QuakeLive scripts");
-              stream.Write(b, 0, b.Length);
-              continue;
-            }
-          }
-
           if (!data.StartsWith("POST ") && !data.StartsWith("GET "))
           {
             var b = enc.GetBytes("HTTP/1.1 405 Method Not Allowed\r\n\r\n");
@@ -296,7 +283,7 @@ private void HandleClientConnection(Stream stream)
             Log(url.ToString()); // ToString() displays the query string url-decoded, OriginalString doesn't
 
           string urlPath = url.AbsolutePath;
-          if (!ExecuteServlet(stream, urlPath, url, data))
+          if (!ExecuteServlet(stream, urlPath, url, data, header))
           {
             var buff = enc.GetBytes("HTTP/1.1 404 Not Found\r\n\r\n");
             stream.Write(buff, 0, buff.Length);
@@ -319,8 +306,22 @@ private void HandleClientConnection(Stream stream)
     #endregion
 
     #region ExecuteServlet()
-    private bool ExecuteServlet(Stream stream, string urlPath, Uri url, string data)
+    private bool ExecuteServlet(Stream stream, string urlPath, Uri url, string data, Dictionary<string,string> header)
     {
+      var unprotectedServlets = new[] { "/", "/version", "/bringToFront", "/scripts", "/repository.json" };
+      // Check that the user agent is Awesomium and not a regular browser
+      // This should prevent abuse of extraQL URLs embedded in regular web pages
+      if (!bindToAllInterfaces && Array.IndexOf(unprotectedServlets, urlPath) < 0)
+      {
+        string userAgent;
+        if (!header.TryGetValue("User-Agent", out userAgent) || !userAgent.Contains("Awesomium"))
+        {
+          var b = enc.GetBytes("HTTP/1.1 401 Unauthorized\r\n\r\nextraQL URLs may only be called from within QuakeLive scripts");
+          stream.Write(b, 0, b.Length);
+          return true;
+        }
+      }
+
       foreach (var entry in servlets)
       {
         if (entry.Key == urlPath || urlPath.StartsWith(entry.Key + "/"))

source/MainForm.cs

@@ -11,7 +11,7 @@ namespace ExtraQL
 {
   public partial class MainForm : Form
   {
-    public const string Version = "2.4";
+    public const string Version = "2.4.1";
 
     private readonly Config config;
     private readonly HttpServer server;