Changeset 3685bf0


Timestamp:
May 13, 2012 1:05:17 PM (8 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
6ca4b51
Parents:
fc5e30e
Message:

add X-Frame-Options to console headers

Files:
14 edited

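--- a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
+++ b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
@@ -149,4 +149,5 @@
         // this is the part after /i2psnark
         String path = req.getServletPath();
+        resp.setHeader("X-Frame-Options", "SAMEORIGIN");
 
         // AJAX for mainsection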
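Review bot: The header is sent unconditionally here and in the i2ptunnel, susidns and susimail files of this changeset, while only css.jsi checks `routerconsole.disableXFrame`, so the opt-out recorded in history.txt does not reach this servlet. If always-on is the intent for these apps, a comment should say so, for example `// clickjacking protection; always sent, not affected by routerconsole.disableXFrame`. The same literal pair is pasted into eleven places, so a shared constant or a single servlet filter would keep a later page from shipping without it. The enclosing method starts and ends outside the hunk.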
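--- a/apps/i2ptunnel/jsp/edit.jsp
+++ b/apps/i2ptunnel/jsp/edit.jsp
@@ -1,4 +1,6 @@
 <%
     // NOTE: Do the header carefully so there is no whitespace before the <?xml... line
+
+    response.setHeader("X-Frame-Options", "SAMEORIGIN");
 
 %><%@page pageEncoding="UTF-8"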
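--- a/apps/i2ptunnel/jsp/index.jsp
+++ b/apps/i2ptunnel/jsp/index.jsp
@@ -5,4 +5,6 @@
     if (request.getCharacterEncoding() == null)
         request.setCharacterEncoding("UTF-8");
+
+    response.setHeader("X-Frame-Options", "SAMEORIGIN");
 
 %><%@page pageEncoding="UTF-8"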
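--- a/apps/i2ptunnel/jsp/wizard.jsp
+++ b/apps/i2ptunnel/jsp/wizard.jsp
@@ -5,4 +5,6 @@
     if (request.getCharacterEncoding() == null)
         request.setCharacterEncoding("UTF-8");
+
+    response.setHeader("X-Frame-Options", "SAMEORIGIN");
 
 %><%@page pageEncoding="UTF-8"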
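--- a/apps/routerconsole/java/src/net/i2p/router/web/CSSHelper.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/CSSHelper.java
@@ -20,4 +20,5 @@
     public static final String PROP_REFRESH = "routerconsole.summaryRefresh";
     public static final String DEFAULT_REFRESH = "60";
+    private static final String PROP_XFRAME = "routerconsole.disableXFrame";
 
     public String getTheme(String userAgent) {
@@ -57,4 +58,13 @@
         if (val != null)
             NewsFetcher.getInstance(_context).showNews(val.equals("1"));
+    }
+
+    /**
+     *  Should we send X_Frame_Options=SAMEORIGIN
+     *  Default true
+     *  @since 0.9.1
+     */
+    public boolean shouldSendXFrame() {
+        return !_context.getBooleanProperty(PROP_XFRAME);
     }
 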
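Review bot: The Javadoc on `shouldSendXFrame()` spells the header `X_Frame_Options` and never names the property that switches it off, so a reader has to chase `PROP_XFRAME` to learn how the default is overridden. I would write it as `Should we send X-Frame-Options: SAMEORIGIN (clickjacking protection)? Default true; set routerconsole.disableXFrame=true to turn it off.` and add one sentence that turning it off lets any other origin frame the console pages. Because the property is a negative flag that is inverted on return, naming the constant `PROP_DISABLE_XFRAME` would make the `!` easier to read. The first added `}` closes a method whose start is outside the hunk.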
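--- a/apps/routerconsole/jsp/css.jsi
+++ b/apps/routerconsole/jsp/css.jsi
@@ -30,4 +30,8 @@
 <jsp:setProperty name="intl" property="contextId" value="<%=(String)session.getAttribute(\"i2p.contextId\")%>" />
 <%
+   // clickjacking
+   if (intl.shouldSendXFrame())
+      response.setHeader("X-Frame-Options", "SAMEORIGIN");
+
    String conNonceParam = request.getParameter("consoleNonce");
    if (conNonceParam != null && conNonceParam.equals(System.getProperty("router.consoleNonce"))) {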
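Review bot: Console coverage depends on every page including css.jsi before the response is committed; a console page or servlet-served resource that skips this include would presumably go out without the header, which cannot be confirmed from this hunk. The `// clickjacking` comment should say what is gated and how, for example `// clickjacking protection, disable with routerconsole.disableXFrame=true`, and the brace-less `if` would be safer with braces given the statements that follow it. Current browsers also honor `Content-Security-Policy: frame-ancestors 'self'`, which could be sent next to this header for the same effect. The scriptlet continues past the end of the hunk.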
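--- a/apps/susidns/src/jsp/addressbook.jsp
+++ b/apps/susidns/src/jsp/addressbook.jsp
@@ -27,4 +27,6 @@
     if (request.getCharacterEncoding() == null)
         request.setCharacterEncoding("UTF-8");
+
+    response.setHeader("X-Frame-Options", "SAMEORIGIN");
 
 %>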
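--- a/apps/susidns/src/jsp/config.jsp
+++ b/apps/susidns/src/jsp/config.jsp
@@ -27,4 +27,6 @@
     if (request.getCharacterEncoding() == null)
         request.setCharacterEncoding("UTF-8");
+
+    response.setHeader("X-Frame-Options", "SAMEORIGIN");
 
 %>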
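--- a/apps/susidns/src/jsp/details.jsp
+++ b/apps/susidns/src/jsp/details.jsp
@@ -24,4 +24,6 @@
     if (request.getCharacterEncoding() == null)
         request.setCharacterEncoding("UTF-8");
+
+    response.setHeader("X-Frame-Options", "SAMEORIGIN");
 
 %>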
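--- a/apps/susidns/src/jsp/index.jsp
+++ b/apps/susidns/src/jsp/index.jsp
@@ -27,4 +27,6 @@
     if (request.getCharacterEncoding() == null)
         request.setCharacterEncoding("UTF-8");
+
+    response.setHeader("X-Frame-Options", "SAMEORIGIN");
 
 %>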
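--- a/apps/susidns/src/jsp/subscriptions.jsp
+++ b/apps/susidns/src/jsp/subscriptions.jsp
@@ -27,4 +27,6 @@
     if (request.getCharacterEncoding() == null)
         request.setCharacterEncoding("UTF-8");
+
+    response.setHeader("X-Frame-Options", "SAMEORIGIN");
 
 %>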
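--- a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
+++ b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
@@ -1186,4 +1186,5 @@
                 httpRequest.setCharacterEncoding("UTF-8");
                 response.setCharacterEncoding("UTF-8");
+                response.setHeader("X-Frame-Options", "SAMEORIGIN");
                 RequestWrapper request = new RequestWrapper( httpRequest );
                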
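--- a/history.txt
+++ b/history.txt
@@ -1,2 +1,6 @@
+2012-05-13 zzz
+ * Console: Add X-Frame-Options to headers,
+   disable with routerconsole.disableXFrame=true
+
 * 2012-05-02 0.9 released
 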
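--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -19,5 +19,5 @@
     public final static String ID = "Monotone";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 0;
+    public final static long BUILD = 1;
 
     /** for example "-test" */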