Changeset 3db297de


Timestamp:
Sep 17, 2014 2:21:31 AM (6 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
ab7e25b
Parents:
85d38e7
Message:
  • i2psnark:
    • Forward port from trunk: Don't send HTML-only headers for icons (2nd try)
    • Consolidate HTML header code
    • Set no-cache headers
    • Don't set HTML headers for redirects
File:
1 edited

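--- a/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
+++ b/apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
@@ -187,11 +187,10 @@
             else  // no POST either
                 resp.sendError(405);
+            return;
         }
 
         _themePath = "/themes/snark/" + _manager.getTheme() + '/';
         _imgPath = _themePath + "images/";
-        resp.setHeader("X-Frame-Options", "SAMEORIGIN");
-        resp.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
-        resp.setHeader("X-XSS-Protection", "1; mode=block");
+        req.setCharacterEncoding("UTF-8");
 
         String pOverride = _manager.util().connected() ? null : "";
@@ -200,6 +199,5 @@
         // AJAX for mainsection
         if ("/.ajax/xhr1.html".equals(path)) {
-            resp.setCharacterEncoding("UTF-8");
-            resp.setContentType("text/html; charset=UTF-8");
+            setHTMLHeaders(resp);
             PrintWriter out = resp.getWriter();
             //if (_log.shouldLog(Log.DEBUG))
@@ -219,7 +217,4 @@
                 String pathInfo = req.getPathInfo();
                 String pathInContext = addPaths(path, pathInfo);
-                req.setCharacterEncoding("UTF-8");
-                resp.setCharacterEncoding("UTF-8");
-                resp.setContentType("text/html; charset=UTF-8");
                 File resource = getResource(pathInContext);
                 if (resource == null) {
@@ -232,4 +227,5 @@
                         sendRedirect(req, resp, "");
                     } else if (listing != null) {
+                        setHTMLHeaders(resp);
                         resp.getWriter().write(listing);
                     } else { // shouldn't happen
@@ -251,8 +247,4 @@
         // Either the main page or /configure
 
-        req.setCharacterEncoding("UTF-8");
-        resp.setCharacterEncoding("UTF-8");
-        resp.setContentType("text/html; charset=UTF-8");
-       
         String nonce = req.getParameter("nonce");
         if (nonce != null) {
@@ -266,4 +258,5 @@
         }
        
+        setHTMLHeaders(resp);
         PrintWriter out = resp.getWriter();
         out.write(DOCTYPE + "<html>\n" +
@@ -365,4 +358,20 @@
         }
         out.write(FOOTER);
+    }
+
+    /**
+     *  The standard HTTP headers for all HTML pages
+     *
+     *  @since 0.9.16 moved from doGetAndPost()
+     */
+    private static void setHTMLHeaders(HttpServletResponse resp) {
+        resp.setCharacterEncoding("UTF-8");
+        resp.setContentType("text/html; charset=UTF-8");
+        resp.setHeader("Cache-Control", "no-store, max-age=0, no-cache, must-revalidate");
+        resp.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
+        resp.setDateHeader("Expires", 0);
+        resp.setHeader("Pragma", "no-cache");
+        resp.setHeader("X-Frame-Options", "SAMEORIGIN");
+        resp.setHeader("X-XSS-Protection", "1; mode=block");
     }
 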
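Review bot: With the three `resp.setHeader` calls removed from the top of the handler (old lines 193–195), any response that does not pass through `setHTMLHeaders()` now goes out without `X-Frame-Options` or a `Content-Security-Policy`; in the visible code that is every outcome of the `getResource(pathInContext)` branch except the directory listing. The non-listing branches are elided from this view, so this is something to confirm rather than a proven defect: if one of them can return a downloaded file that a browser renders as HTML on the console's origin, that content was previously constrained by the policy and no longer is. If that path exists, keep the restrictive headers on it, e.g. `resp.setHeader("X-Frame-Options", "SAMEORIGIN");` plus the same `Content-Security-Policy` value before the file is sent. Separately, the Javadoc on `setHTMLHeaders` should say that it must be called before `resp.getWriter()`, because `setCharacterEncoding` has no effect once the writer has been obtained.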