Posted to dev@shindig.apache.org by et...@apache.org on 2008/10/16 01:29:26 UTC
svn commit: r705097 - in /incubator/shindig/trunk/java/gadgets/src:
main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java
Author: etnu
Date: Wed Oct 15 16:29:26 2008
New Revision: 705097
URL: http://svn.apache.org/viewvc?rev=705097&view=rev
Log:
Skipped sending the Content-Disposition header for Flash responses, because the header is breaking Flash 10. This reduces our phishing protection, which means that we'll need to come up with a better solution in the long term.
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java
Modified: incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java?rev=705097&r1=705096&r2=705097&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java Wed Oct 15 16:29:26 2008
@@ -24,9 +24,10 @@
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpResponse;
+import java.io.IOException;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
/**
* Base class for proxy-based handlers.
@@ -108,7 +109,12 @@
refreshInterval = Math.max(60 * 60, (int)(results.getCacheTtl() / 1000L));
}
HttpUtil.setCachingHeaders(response, refreshInterval);
- response.setHeader("Content-Disposition", "attachment;filename=p.txt");
+ // We're skipping the content disposition header for flash due to an issue with Flash player 10
+ // This does make some sites a higher value phishing target, but this can be mitigated by
+ // additional referer checks.
+ if (!"application/x-shockwave-flash".equalsIgnoreCase(results.getHeader("Content-Type"))) {
+ response.setHeader("Content-Disposition", "attachment;filename=p.txt");
+ }
}
/**
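Review bot: The Flash exemption in the new `if` is decided solely by the Content-Type the remote server declares through `results.getHeader("Content-Type")`, so any proxied origin can switch off the attachment disposition for its own response, and the referer checks the comment relies on are not added anywhere in this hunk. I would say so in the comment and make the gap trackable, e.g. `// TODO(<tracking-issue>): exemption trusts the upstream Content-Type; no referer check is enforced here yet.` The exact-match comparison also means a value carrying parameters (`application/x-shockwave-flash; charset=...`) still gets the header, which fails closed but is worth stating next to the condition. The enclosing method starts above the hunk, so whether the outgoing Content-Type is copied from the same upstream value cannot be confirmed from here.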
Modified: incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java
URL: http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java?rev=705097&r1=705096&r2=705097&view=diff
==============================================================================
--- incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java (original)
+++ incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java Wed Oct 15 16:29:26 2008
@@ -18,20 +18,23 @@
*/
package org.apache.shindig.gadgets.servlet;
-import com.google.common.collect.Maps;
+import static org.easymock.EasyMock.expect;
+
import org.apache.shindig.common.ContainerConfig;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
-import static org.easymock.EasyMock.expect;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import com.google.common.collect.Maps;
+
import java.util.Arrays;
import java.util.List;
import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
/**
* Tests for ProxyBase.
*/
@@ -145,6 +148,22 @@
assertEquals("attachment;filename=p.txt", recorder.getHeader("Content-Disposition"));
}
+ public void testSetResponseHeadersForFlash() {
+ HttpResponse results = new HttpResponseBuilder()
+ .setHeader("Content-Type", "application/x-shockwave-flash")
+ .create();
+
+ replay();
+
+ proxy.setResponseHeaders(request, recorder, results);
+
+ // Just verify that they were set. Specific values are configurable.
+ assertNotNull("Expires header not set", recorder.getHeader("Expires"));
+ assertNotNull("Cache-Control header not set", recorder.getHeader("Cache-Control"));
+ assertNull("Content-Disposition header set for flash",
+ recorder.getHeader("Content-Disposition"));
+ }
+
public void testSetResponseHeadersNoCache() {
Map<String, List<String>> headers = Maps.newTreeMap(String.CASE_INSENSITIVE_ORDER);
headers.put("Pragma", Arrays.asList("no-cache"));
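Review bot: `testSetResponseHeadersForFlash` pins only the exempt path for the exact lowercase type, so nothing guards how wide the exemption is. A companion case with a near-miss value, for example a builder call `.setHeader("Content-Type", "application/x-shockwave-flash; charset=UTF-8")` followed by `assertEquals("attachment;filename=p.txt", recorder.getHeader("Content-Disposition"));`, would pin the current fail-closed behaviour and catch a later change that loosens the match to a prefix or substring test. The copied comment `Specific values are configurable` describes the caching headers only; the Content-Disposition assertion deserves its own one-line comment saying why the header must be absent for Flash.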