Posted to commits@couchdb.apache.org by rn...@apache.org on 2014/09/08 19:16:27 UTC
chttpd commit: updated refs/heads/master to 6577ad1
Repository: couchdb-chttpd
Updated Branches:
refs/heads/master 6b372c641 -> 6577ad195
Forward-port caching and csp headers for _utils
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/6577ad19
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/6577ad19
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/6577ad19
Branch: refs/heads/master
Commit: 6577ad1957ef2eb5027a9c8cf41a822fef7dfce9
Parents: 6b372c6
Author: Robert Newson <rn...@apache.org>
Authored: Mon Sep 8 18:11:00 2014 +0100
Committer: Robert Newson <rn...@apache.org>
Committed: Mon Sep 8 18:14:52 2014 +0100
----------------------------------------------------------------------
src/chttpd.erl | 11 ++++++++---
src/chttpd_misc.erl | 13 ++++++++++++-
2 files changed, 20 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/6577ad19/src/chttpd.erl
----------------------------------------------------------------------
diff --git a/src/chttpd.erl b/src/chttpd.erl
index 32b12c8..77093c9 100644
--- a/src/chttpd.erl
+++ b/src/chttpd.erl
@@ -19,7 +19,7 @@
qs_value/3, qs/1, qs_json_value/3, path/1, absolute_uri/2, body_length/1,
verify_is_server_admin/1, unquote/1, quote/1, recv/2, recv_chunked/4,
error_info/1, parse_form/1, json_body/1, json_body_obj/1, body/1,
- doc_etag/1, make_etag/1, etag_respond/3, partition/1, serve_file/3,
+ doc_etag/1, make_etag/1, etag_respond/3, partition/1, serve_file/3, serve_file/4,
server_header/0, start_chunked_response/3,send_chunk/2,
start_response_length/4, send/2, start_json_response/2,
start_json_response/3, end_json_response/1, send_response/4,
@@ -411,9 +411,14 @@ header_value(#httpd{mochi_req=MochiReq}, Key, Default) ->
primary_header_value(#httpd{mochi_req=MochiReq}, Key) ->
MochiReq:get_primary_header_value(Key).
-serve_file(#httpd{mochi_req=MochiReq}=Req, RelativePath, DocumentRoot) ->
+serve_file(Req, RelativePath, DocumentRoot) ->
+ serve_file(Req, RelativePath, DocumentRoot, []).
+
+serve_file(#httpd{mochi_req=MochiReq}=Req, RelativePath, DocumentRoot,
+ ExtraHeaders) ->
Headers = server_header() ++
- couch_httpd_auth:cookie_auth_header(Req, []),
+ couch_httpd_auth:cookie_auth_header(Req, []) ++
+ ExtraHeaders,
{ok, MochiReq:serve_file(RelativePath, DocumentRoot,
chttpd_cors:headers(Req, Headers))}.
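Review bot: The newly exported serve_file/4 has no comment or -spec describing `ExtraHeaders`, which is appended after the server and auth-cookie headers without any check for duplicate names. If a caller passes a header that server_header() or cookie_auth_header/2 already sets, both entries reach MochiReq:serve_file, and how duplicates are merged is not visible in this hunk. I would document the contract above the new clause, for example `%% ExtraHeaders :: [{Name :: string(), Value :: string()}], appended last; must not repeat headers set here.`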
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/6577ad19/src/chttpd_misc.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_misc.erl b/src/chttpd_misc.erl
index dea85e3..ce23fd9 100644
--- a/src/chttpd_misc.erl
+++ b/src/chttpd_misc.erl
@@ -72,7 +72,10 @@ handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
case chttpd:partition(UrlPath) of
{_ActionKey, "/", RelativePath} ->
% GET /_utils/path or GET /_utils/
- chttpd:serve_file(Req, RelativePath, DocumentRoot);
+ CachingHeaders = [{"Cache-Control", "private, must-revalidate"}],
+ EnableCsp = config:get("csp", "enable", "false"),
+ Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp),
+ chttpd:serve_file(Req, RelativePath, DocumentRoot, Headers);
{_ActionKey, "", _RelativePath} ->
% GET /_utils
RedirectPath = chttpd:path(Req) ++ "/",
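Review bot: The `[csp] enable` value is passed on as a raw string and only the literal "true" matches in maybe_add_csp_headers/2, so a setting such as "True" or "1" silently leaves _utils responses without a Content-Security-Policy header. Normalizing before the call would make the switch less fragile: `EnableCsp = string:to_lower(config:get("csp", "enable", "false")),`. Since the default is "false", a comment such as `% CSP is opt-in: sent only when [csp] enable is "true"` would also make the off-by-default posture clear to operators. The handle_utils_dir_req clause starts before this hunk and continues past it.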
@@ -81,6 +84,14 @@ handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
handle_utils_dir_req(Req, _) ->
send_method_not_allowed(Req, "GET,HEAD").
+maybe_add_csp_headers(Headers, "true") ->
+ DefaultValues = "default-src 'self'; img-src 'self'; font-src 'self'; "
+ "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
+ Value = config:get("csp", "header_value", DefaultValues),
+ [{"Content-Security-Policy", Value} | Headers];
+maybe_add_csp_headers(Headers, _) ->
+ Headers.
+
handle_sleep_req(#httpd{method='GET'}=Req) ->
Time = list_to_integer(chttpd:qs_value(Req, "time")),
receive snicklefart -> ok after Time -> ok end,
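Review bot: The default policy in maybe_add_csp_headers/2 allows `'unsafe-eval'` for script-src and `'unsafe-inline'` for style-src, which removes much of the script and style injection protection a CSP is meant to give, and nothing in the code says why they are needed. If the _utils UI currently depends on them, a comment should say so, so they can be dropped later, e.g. `%% 'unsafe-eval' and 'unsafe-inline' are kept only because the bundled UI requires them; tighten when it no longer does.` The `[csp] header_value` override is also placed in the response header as-is, so an empty or malformed value would be sent unchanged. It would be worth documenting that the operator owns its correctness. The trailing handle_sleep_req lines are context, and that function continues outside the hunk.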