Posted to commits@openmeetings.apache.org by so...@apache.org on 2020/04/17 09:56:14 UTC
[openmeetings] branch master updated: [OPENMEETINGS-2247]
connect-src is hacked for Safari
This is an automated email from the ASF dual-hosted git repository.
solomax pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openmeetings.git
The following commit(s) were added to refs/heads/master by this push:
new b70d682 [OPENMEETINGS-2247] connect-src is hacked for Safari
b70d682 is described below
commit b70d682d43409eccf8dac9ef49e834a20cc03bfd
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Fri Apr 17 16:55:52 2020 +0700
[OPENMEETINGS-2247] connect-src is hacked for Safari
---
.../java/org/apache/openmeetings/IApplication.java | 1 +
.../db/dao/basic/ConfigurationDao.java | 4 ++++
.../apache/openmeetings/web/app/Application.java | 28 ++++++++++++++++++++++
3 files changed, 33 insertions(+)
diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/IApplication.java b/openmeetings-db/src/main/java/org/apache/openmeetings/IApplication.java
index 159f2cf..9eecb1f 100644
--- a/openmeetings-db/src/main/java/org/apache/openmeetings/IApplication.java
+++ b/openmeetings-db/src/main/java/org/apache/openmeetings/IApplication.java
@@ -48,4 +48,5 @@ public interface IApplication {
//WS
void publishWsTopic(IClusterWsMessage msg);
+ String getWsUrl();
}
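Review bot: `String getWsUrl();` joins the interface with no statement of its contract, yet the implementation later in this commit returns a field that stays null until a request with a full URL has been seen. A short Javadoc would let callers know to handle that, for example `/** @return ws:// or wss:// origin of this server, or null if it has not been determined yet */`.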
diff --git a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
index 65656cb..745029d 100644
--- a/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
+++ b/openmeetings-db/src/main/java/org/apache/openmeetings/db/dao/basic/ConfigurationDao.java
@@ -134,6 +134,7 @@ import org.apache.openjpa.event.RemoteCommitProvider;
import org.apache.openjpa.event.TCPRemoteCommitProvider;
import org.apache.openjpa.persistence.OpenJPAEntityManagerSPI;
import org.apache.openjpa.persistence.OpenJPAPersistence;
+import org.apache.openmeetings.IApplication;
import org.apache.openmeetings.db.dao.IDataProviderDao;
import org.apache.openmeetings.db.dao.server.OAuth2Dao;
import org.apache.openmeetings.db.dao.user.UserDao;
@@ -180,6 +181,8 @@ public class ConfigurationDao implements IDataProviderDao<Configuration> {
private UserDao userDao;
@Autowired
private OAuth2Dao oauthDao;
+ @Autowired
+ private IApplication app;
public void updateClusterAddresses(String addresses) throws UnknownHostException {
OpenJPAConfiguration cfg = ((OpenJPAEntityManagerSPI)OpenJPAPersistence.cast(em)).getConfiguration();
@@ -651,6 +654,7 @@ public class ConfigurationDao implements IDataProviderDao<Configuration> {
addCspRule(cspConfig, CSPDirective.MEDIA_SRC, getCspMediaSrc());
addCspRule(cspConfig, CSPDirective.SCRIPT_SRC, getCspScriptSrc());
addCspRule(cspConfig, CSPDirective.STYLE_SRC, getCspStyleSrc());
+ addCspRule(cspConfig, CSPDirective.CONNECT_SRC, app.getWsUrl(), false); // special code for Safari browser
if (!Strings.isEmpty(getGaCode())) {
// https://developers.google.com/tag-manager/web/csp#universal_analytics_google_analytics
addCspRule(cspConfig, CSPDirective.IMG_SRC, "https://www.google-analytics.com");
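Review bot: The new CONNECT_SRC line passes `app.getWsUrl()` straight into `addCspRule`, and that value is null whenever the CSP is rebuilt before the first full-URL request has populated it. How the four-argument `addCspRule` treats a null value is not visible in this hunk, so a guard such as `if (app.getWsUrl() != null) { addCspRule(cspConfig, CSPDirective.CONNECT_SRC, app.getWsUrl(), false); }` would make the intent explicit. The trailing comment would also help more if it said why Safari needs this, presumably because it does not match ws:/wss: connections against 'self'. The enclosing method starts and ends outside the hunk.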
diff --git a/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java b/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
index 7f81153..630a710 100644
--- a/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
+++ b/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
@@ -167,6 +167,7 @@ public class Application extends AuthenticatedWebApplication implements IApplica
final HazelcastInstance hazelcast = Hazelcast.getOrCreateHazelcastInstance(new XmlConfigBuilder().build());
private ITopic<IClusterWsMessage> hazelWsTopic;
private String serverId;
+ private String wsUrl;
@Autowired
private ApplicationContext ctx;
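Review bot: The new `wsUrl` field is written from request-handling code in the next hunk and read by other components through `getWsUrl()`, with no synchronisation or visibility guarantee. Concurrent first requests can each see null and each call `cfgDao.updateCsp()`, and a reader on another thread is not guaranteed to see the assigned value. Declaring it as `private volatile String wsUrl;` covers visibility. If the duplicate `updateCsp()` calls matter, the check-and-set also needs to be atomic.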
@@ -260,6 +261,12 @@ public class Application extends AuthenticatedWebApplication implements IApplica
wresp.setHeader("X-XSS-Protection", "1; mode=block");
wresp.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload");
wresp.setHeader("X-Content-Type-Options", "nosniff");
+ if (wsUrl == null) {
+ wsUrl = getWsUrl(cycle.getRequest().getUrl());
+ if (wsUrl != null) {
+ cfgDao.updateCsp();
+ }
+ }
}
}
}
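Review bot: The value cached in `wsUrl` is taken from the first request whose URL is full, so its host and port are whatever that request carried, and `cfgDao.updateCsp()` then puts it into the connect-src rule for every later response. Unless a front proxy or the container pins the Host header, one request with an unexpected host fixes the wrong origin for the lifetime of the process, because the `wsUrl == null` check never lets it be recomputed. Consider deriving the origin from a configured application URL where one exists, or checking the request host against an allow-list before caching it. The enclosing method starts outside the hunk.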
@@ -616,4 +623,25 @@ public class Application extends AuthenticatedWebApplication implements IApplica
public void publishWsTopic(IClusterWsMessage msg) {
hazelWsTopic.publish(msg);
}
+
+ @Override
+ public String getWsUrl() {
+ return wsUrl;
+ }
+
+ private static String getWsUrl(Url reqUrl) {
+ if (!reqUrl.isFull()) {
+ return null;
+ }
+ final boolean insecure = "http".equalsIgnoreCase(reqUrl.getProtocol());
+ String delim = ":";
+ String port = reqUrl.getPort() == null || reqUrl.getPort() < 0 ? "" : String.valueOf(reqUrl.getPort());
+ if (!port.isEmpty() && ((insecure && 80 == reqUrl.getPort()) || (!insecure && 443 == reqUrl.getPort()))) {
+ port = "";
+ }
+ if (port.isEmpty()) {
+ delim = "";
+ }
+ return String.format("%s://%s%s%s", insecure ? "ws" : "wss", reqUrl.getHost(), delim, port);
+ }
}
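Review bot: The private `getWsUrl(Url)` helper is harder to follow than it needs to be. It calls `reqUrl.getPort()` up to five times, unboxing it repeatedly, and tracks the separator in a second mutable variable, `delim`, that only mirrors whether `port` is empty. Reading the port once and building the `:port` suffix in a single expression gives the same result with less state. It also deserves a Javadoc saying that it returns null for a non-full URL and omits the default port (80 for ws, 443 for wss).

```java
private static String getWsUrl(Url reqUrl) {
    // … unchanged: return null when !reqUrl.isFull() …
    final boolean insecure = "http".equalsIgnoreCase(reqUrl.getProtocol());
    final Integer port = reqUrl.getPort();
    final int defaultPort = insecure ? 80 : 443;
    // Omit the port when it is absent, negative, or the scheme default.
    final String portPart = port == null || port < 0 || port == defaultPort ? "" : ":" + port;
    return String.format("%s://%s%s", insecure ? "ws" : "wss", reqUrl.getHost(), portPart);
}
```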