source: apps/routerconsole/jsp/flags.jsp @ 248deae

Last change on this file since 248deae was 248deae, checked in by zzz <zzz@…>, 4 years ago

Console: Add X-Content-Type-Options header everywhere (ticket #1763)

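<%
/*
 * USE CAUTION WHEN EDITING
 * Trailing whitespace OR NEWLINE on the last line will cause
 * IllegalStateExceptions !!!
 *
 * Do not tag this file for translation.
 */

/**
 *  flags.jsp?c=de => icons/flags/de.png
 *  with headers set so the browser caches.
 *
 *  Security notes:
 *   - "c" comes straight from the request and is concatenated into a
 *     file name. It is accepted only when it is 2 or 7 characters long
 *     and consists solely of [a-z0-9_], so it cannot contain a dot or a
 *     path separator. That check is the only thing keeping the lookup
 *     inside docs/icons/flags; do not loosen it without adding a
 *     canonical-path check against the flags directory.
 *   - Exception text is logged, never echoed into the error response.
 */
String c = request.getParameter("c");
if (c != null &&
    (c.length() == 2 || c.length() == 7) &&
    c.replaceAll("[a-z0-9_]", "").length() == 0) {
    java.io.OutputStream cout = response.getOutputStream();
    String base = net.i2p.I2PAppContext.getGlobalContext().getBaseDir().getAbsolutePath();
    String file = "docs" + java.io.File.separatorChar + "icons" + java.io.File.separatorChar +
                  "flags" + java.io.File.separatorChar + c + ".png";
    java.io.File ffile = new java.io.File(base, file);
    long lastmod = ffile.lastModified();
    if (lastmod > 0) {
        long iflast = request.getDateHeader("If-Modified-Since");
        // iflast is -1 if not present; round down file time
        // (HTTP dates carry whole seconds only)
        if (iflast >= ((lastmod / 1000) * 1000)) {
            response.sendError(304, "Not Modified");
            return;
        }
        response.setDateHeader("Last-Modified", lastmod);
        // Expires is one day ahead, but Cache-Control max-age below is
        // 604800 s (7 days); clients that honor Cache-Control use that.
        response.setDateHeader("Expires", net.i2p.I2PAppContext.getGlobalContext().clock().now() + 86400000L);
        response.setHeader("Cache-Control", "public, max-age=604800");
    }
    // Sent regardless of lastmod, so a file whose modification time reads
    // as 0 is still served with content sniffing disabled.
    response.setHeader("X-Content-Type-Options", "nosniff");
    long length = ffile.length();
    if (length > 0) {
        response.setHeader("Content-Length", Long.toString(length));
    }
    response.setContentType("image/png");
    try {
        net.i2p.util.FileUtil.readFile(file, base, cout);
    } catch (java.io.IOException ioe) {
        net.i2p.util.Log log = net.i2p.I2PAppContext.getGlobalContext().logManager().getLog(getClass());
        // prevent 'Committed' IllegalStateException from Jetty
        if (!response.isCommitted()) {
            // Send a fixed message: ioe.toString() could carry server-side
            // detail (for example a filesystem path) into the error page.
            // A missing flag file is an expected case, so the detail is
            // kept at debug level. c is already restricted to [a-z0-9_],
            // so it is safe to place in the log line.
            log.debug("Error serving flags/" + c + ".png", ioe);
            response.sendError(403, "Flag not available");
        } else {
            // not an error, happens when the browser closes the stream
            log.warn("Error serving flags/" + c + ".png", ioe);
            // Jetty doesn't log this
            throw ioe;
        }
    }
} else {
    /*
     *  Send a 403 instead of a 404, because the server sends error.jsp
     *  for 404 errors, complete with the summary bar, which would be
     *  a huge load for a page full of flags if the user didn't have the
     *  flags directory for some reason.
     */
    response.sendError(403, "No flag specified");
}
%>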