Posted to commits@openmeetings.apache.org by so...@apache.org on 2017/11/08 09:41:54 UTC
openmeetings git commit: [OPENMEETINGS-1747] Content-Security-Policy
for Edge should be fixed
Repository: openmeetings
Updated Branches:
refs/heads/4.0.x d41832b13 -> 1ec81a934
[OPENMEETINGS-1747] Content-Security-Policy for Edge should be fixed
Project: http://git-wip-us.apache.org/repos/asf/openmeetings/repo
Commit: http://git-wip-us.apache.org/repos/asf/openmeetings/commit/1ec81a93
Tree: http://git-wip-us.apache.org/repos/asf/openmeetings/tree/1ec81a93
Diff: http://git-wip-us.apache.org/repos/asf/openmeetings/diff/1ec81a93
Branch: refs/heads/4.0.x
Commit: 1ec81a934b5d99a79d815e8f9ac9314227e75a1d
Parents: d41832b
Author: Maxim Solodovnik <so...@gmail.com>
Authored: Wed Nov 8 16:41:44 2017 +0700
Committer: Maxim Solodovnik <so...@gmail.com>
Committed: Wed Nov 8 16:41:44 2017 +0700
----------------------------------------------------------------------
.../openmeetings/web/app/Application.java | 25 +++++++++++++++-----
1 file changed, 19 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/openmeetings/blob/1ec81a93/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
----------------------------------------------------------------------
diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
index bd36f4f..25d6828 100644
--- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
+++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
@@ -253,12 +253,8 @@ public class Application extends AuthenticatedWebApplication implements IApplica
wresp.setHeader("X-Content-Type-Options", "nosniff");
wresp.setHeader("X-Frame-Options", xFrameOptions);
Url reqUrl = cycle.getRequest().getUrl();
- wresp.setHeader("Content-Security-Policy", String.format("%s; connect-src 'self' %s://%s:%s;"
- , contentSecurityPolicy
- , "http".equalsIgnoreCase(reqUrl.getProtocol()) ? "ws" : "wss"
- , reqUrl.getHost()
- , reqUrl.getPort()
- ));
+ wresp.setHeader("Content-Security-Policy"
+ , String.format("%s; connect-src 'self' %s;", contentSecurityPolicy, getWsUrl(reqUrl)));
}
}
});
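Review bot: The `connect-src` source written into the header here is still built from `reqUrl.getHost()`, which presumably reflects the request's Host header, so a client-supplied value reaches the policy text without any check. Consider comparing the host against the application's configured base URL or an allow-list before formatting it in, and emitting only `'self'` when it does not match. Separately, `getWsUrl` already ends its result with `;` and this format string appends another, so the header ends in `;;`; dropping the `;` from one of the two format strings would tidy that up. The enclosing method starts outside the hunk.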
@@ -892,4 +888,21 @@ public class Application extends AuthenticatedWebApplication implements IApplica
public void publishWsTopic(IClusterWsMessage msg) {
hazelWsTopic.publish(msg);
}
+
+ private String getWsUrl(Url reqUrl) {
+ final boolean secure = "http".equalsIgnoreCase(reqUrl.getProtocol());
+ String delim = ":";
+ String port = reqUrl.getPort() == null || reqUrl.getPort() < 0 ? "" : String.valueOf(reqUrl.getPort());
+ if (!port.isEmpty() && ((secure && 443 == reqUrl.getPort()) || (!secure && 80 == reqUrl.getPort()))) {
+ port = "";
+ }
+ if (port.isEmpty()) {
+ delim = "";
+ }
+ return String.format("%s://%s%s%s;"
+ , secure ? "ws" : "wss"
+ , reqUrl.getHost()
+ , delim
+ , port);
+ }
}
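Review bot: The `secure` flag in `getWsUrl` is true when the protocol is `http`, so the default-port check is inverted: it strips 443 for plain http and 80 for https, while `ws://host:80` and `wss://host:443` keep their port, which looks like the very case this change is meant to handle. The scheme itself only comes out right because the ternary is inverted as well. Suggest `final boolean secure = "https".equalsIgnoreCase(reqUrl.getProtocol());` together with `secure ? "wss" : "ws"`, which makes the existing port comparison correct as written. A short Javadoc stating that the result is a CSP source expression with default ports omitted would also help the next reader.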