Changeset 248deae
- Timestamp:
- Feb 25, 2016 2:56:06 PM (5 years ago)
- Branches:
- master
- Children:
- 90a915b
- Parents:
- a79b25d
- Location:
- apps
- Files:
-
- 22 edited
apps/i2psnark/java/src/org/klomp/snark/web/BasicServlet.java
ra79b25d r248deae 379 379 if (content.getContentType()!=null && response.getContentType()==null) 380 380 response.setContentType(content.getContentType()); 381 381 response.setHeader("X-Content-Type-Options", "nosniff"); 382 382 long lml = content.getLastModified(); 383 383 if (lml > 0) … … 395 395 if (ct>=0) 396 396 response.setHeader("Cache-Control", "public, max-age=" + ct); 397 398 397 } 399 398 -
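--- a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
+++ b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
@@ -380,4 +380,5 @@
 resp.setHeader("X-Frame-Options", "SAMEORIGIN");
 resp.setHeader("X-XSS-Protection", "1; mode=block");
+resp.setHeader("X-Content-Type-Options", "nosniff");
 }
 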
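--- a/apps/i2ptunnel/jsp/edit.jsp
+++ b/apps/i2ptunnel/jsp/edit.jsp
@@ -6,4 +6,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 
 %><%@page pageEncoding="UTF-8"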
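Review bot: The same header block (Content-Security-Policy, X-XSS-Protection and now X-Content-Type-Options) is pasted into each JSP scriptlet, here and in the i2ptunnel index.jsp and wizard.jsp and the susidns addressbook, config, details, index and subscriptions pages, so a page added later is served without these headers unless someone remembers to copy the block. Setting the common headers once per webapp, in a servlet `Filter` or a shared include as css.jsi appears to do for routerconsole, would make the protected state the default and leave only the per-page CSP differences in the JSPs. Short of that, I would add a comment above the block such as `// security headers: keep in sync with the other JSPs of this webapp`. The scriptlet starts outside the hunk.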
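--- a/apps/i2ptunnel/jsp/index.jsp
+++ b/apps/i2ptunnel/jsp/index.jsp
@@ -9,4 +9,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 
 %><%@page pageEncoding="UTF-8"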
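--- a/apps/i2ptunnel/jsp/wizard.jsp
+++ b/apps/i2ptunnel/jsp/wizard.jsp
@@ -9,4 +9,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 
 %><%@page pageEncoding="UTF-8"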
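--- a/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/IdenticonServlet.java
+++ b/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/IdenticonServlet.java
@@ -167,4 +167,5 @@
 // return image bytes to requester
 response.setContentType(IDENTICON_IMAGE_MIMETYPE);
+response.setHeader("X-Content-Type-Options", "nosniff");
 response.setContentLength(imageBytes.length);
 response.getOutputStream().write(imageBytes);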
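--- a/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/QRServlet.java
+++ b/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/QRServlet.java
@@ -192,4 +192,5 @@
 // return image bytes to requester
 response.setContentType(IDENTICON_IMAGE_MIMETYPE);
+response.setHeader("X-Content-Type-Options", "nosniff");
 response.setContentLength(imageBytes.length);
 response.getOutputStream().write(imageBytes);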
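--- a/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/RandomArtServlet.java
+++ b/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/RandomArtServlet.java
@@ -63,4 +63,5 @@
 response.setCharacterEncoding("UTF-8");
 }
+response.setHeader("X-Content-Type-Options", "nosniff");
 buf.append(RandomArt.gnutls_key_fingerprint_randomart(h.getData(), "SHA", 256, "", true, html));
 if (html)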
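--- a/apps/routerconsole/java/src/net/i2p/router/web/CodedIconRendererServlet.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/CodedIconRendererServlet.java
@@ -42,4 +42,5 @@
 
 srs.setContentType("image/png");
+srs.setHeader("X-Content-Type-Options", "nosniff");
 srs.setDateHeader("Expires", I2PAppContext.getGlobalContext().clock().now() + 86400000l);
 srs.setHeader("Cache-Control", "public, max-age=86400");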
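--- a/apps/routerconsole/jsp/css.jsi
+++ b/apps/routerconsole/jsp/css.jsi
@@ -35,4 +35,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 }
 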
apps/routerconsole/jsp/flags.jsp
ra79b25d r248deae 32 32 // cache for a day 33 33 response.setDateHeader("Expires", net.i2p.I2PAppContext.getGlobalContext().clock().now() + 86400000l); 34 response.setHeader("Cache-Control", "public, max-age=86400"); 34 response.setHeader("Cache-Control", "public, max-age=604800"); 35 response.setHeader("X-Content-Type-Options", "nosniff"); 35 36 } 36 37 long length = ffile.length(); -
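Review bot: The comment `// cache for a day` and the `Expires` value (now + 86400000 ms) both describe one day, while one of the two `Cache-Control` lines shown here uses `max-age=604800`, which is seven days. If that is the new side (this rendering does not mark sides), the two lifetimes disagree and the comment is stale. Caches that honour `Cache-Control: max-age` ignore `Expires`, so the effective lifetime would be a week. I would align the three, for example `response.setDateHeader("Expires", net.i2p.I2PAppContext.getGlobalContext().clock().now() + 604800000L);` with the comment changed to `// cache for a week`. The enclosing block starts outside the hunk.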
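--- a/apps/routerconsole/jsp/viewhistory.jsp
+++ b/apps/routerconsole/jsp/viewhistory.jsp
@@ -8,4 +8,5 @@
 */
 response.setContentType("text/plain");
+response.setHeader("X-Content-Type-Options", "nosniff");
 String base = net.i2p.I2PAppContext.getGlobalContext().getBaseDir().getAbsolutePath();
 try {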
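--- a/apps/routerconsole/jsp/viewstat.jsp
+++ b/apps/routerconsole/jsp/viewstat.jsp
@@ -36,4 +36,5 @@
 java.io.OutputStream cout = response.getOutputStream();
 String format = request.getParameter("format");
+response.setHeader("X-Content-Type-Options", "nosniff");
 if ("xml".equals(format)) {
 if (!fakeBw) {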
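Review bot: The nosniff header is sent before the `format` branch and no `setContentType` call is visible in this hunk, so correctness now depends on every branch below setting an explicit type. With nosniff a browser no longer guesses, and it refuses style and script responses whose type is missing or wrong. The same applies in viewtheme.jsp, where the header follows a type-selection chain whose fallback lies outside the hunk and the files served are user or plugin themes. I would add a comment such as `// nosniff: every branch below must set an explicit Content-Type` and confirm that the chain in viewtheme.jsp ends in a default type. The scriptlet starts and ends outside the hunk.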
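--- a/apps/routerconsole/jsp/viewtheme.jsp
+++ b/apps/routerconsole/jsp/viewtheme.jsp
@@ -22,4 +22,5 @@
 response.setContentType("image/svg+xml");
 }
+response.setHeader("X-Content-Type-Options", "nosniff");
 /*
 * User or plugin themes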
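--- a/apps/routerconsole/jsp/xhr1.jsp
+++ b/apps/routerconsole/jsp/xhr1.jsp
@@ -9,4 +9,5 @@
 session.setAttribute("i2p.contextId", request.getParameter("i2p.contextId"));
 }
+response.setHeader("X-Content-Type-Options", "nosniff");
 %>
 <jsp:useBean class="net.i2p.router.web.CSSHelper" id="intl" scope="request" />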
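--- a/apps/susidns/src/jsp/addressbook.jsp
+++ b/apps/susidns/src/jsp/addressbook.jsp
@@ -31,4 +31,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 
 %>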
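--- a/apps/susidns/src/jsp/config.jsp
+++ b/apps/susidns/src/jsp/config.jsp
@@ -31,4 +31,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 
 %>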
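--- a/apps/susidns/src/jsp/details.jsp
+++ b/apps/susidns/src/jsp/details.jsp
@@ -28,4 +28,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 
 %>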
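--- a/apps/susidns/src/jsp/export.jsp
+++ b/apps/susidns/src/jsp/export.jsp
@@ -24,4 +24,5 @@
 if (request.getCharacterEncoding() == null)
 request.setCharacterEncoding("UTF-8");
+response.setHeader("X-Content-Type-Options", "nosniff");
 %>
 <%@page pageEncoding="UTF-8"%>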
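--- a/apps/susidns/src/jsp/index.jsp
+++ b/apps/susidns/src/jsp/index.jsp
@@ -31,4 +31,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 
 %>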
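--- a/apps/susidns/src/jsp/subscriptions.jsp
+++ b/apps/susidns/src/jsp/subscriptions.jsp
@@ -31,4 +31,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 
 %>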
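--- a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
+++ b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
@@ -1594,4 +1594,5 @@
 response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
 response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
 RequestWrapper request = new RequestWrapper( httpRequest );
 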