idk/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues 2 Pull Requests Actions 2 Packages Projects Releases Wiki Activity

i2pcontrol: Basic HTML fixes and HTTP headers for static pages

Browse Source
This commit is contained in:
zzz
2020-11-23 15:24:19 +00:00
parent 875fcdfb94
commit aef2fb8ce0
1 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
apps/i2pcontrol/java/net/i2p/i2pcontrol/servlets/JSONRPC2Servlet.java
View File

@ -145,8 +145,9 @@ public class JSONRPC2Servlet extends HttpServlet {
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
httpServletResponse.setContentType("text/html");
setHeaders(httpServletResponse);
PrintWriter out = httpServletResponse.getWriter();
out.println("<html><head></head><body>");
out.println("<p>I2PControl RPC Service version " + I2PControlVersion.VERSION + " : Running");
if ("/password".equals(httpServletRequest.getServletPath())) {
out.println("<form method=\"POST\" action=\"password\">");
@ -160,16 +161,19 @@ public class JSONRPC2Servlet extends HttpServlet {
"<input name=\"save\" type=\"submit\" value=\"Change API Password\">" +
"<p>If you forget the API password, stop i2pcontrol, delete the file <tt>" + _conf.getConfFile() +
"</tt>, and restart i2pcontrol.");
out.println("</form>");
} else {
out.println("<p><a href=\"password\">Change API Password</a>");
}
out.println("</body></html>");
out.close();
}
/** @since 0.12 */
private void doPasswordChange(HttpServletRequest req, HttpServletResponse httpServletResponse) throws ServletException, IOException {
httpServletResponse.setContentType("text/html");
setHeaders(httpServletResponse);
PrintWriter out = httpServletResponse.getWriter();
out.println("<html><head></head><body>");
String pw = req.getParameter("password");
if (pw == null)
pw = _secMan.DEFAULT_AUTH_PASSWORD;
@ -194,6 +198,21 @@ public class JSONRPC2Servlet extends HttpServlet {
}
}
out.println("<p><a href=\"password\">Change API Password</a>");
out.println("</body></html>");
out.close();
}
/**
* @since 0.9.48
*/
private static void setHeaders(HttpServletResponse resp) {
resp.setContentType("text/html");
resp.setHeader("X-Frame-Options", "SAMEORIGIN");
resp.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self'; script-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
resp.setHeader("X-XSS-Protection", "1; mode=block");
resp.setHeader("X-Content-Type-Options", "nosniff");
resp.setHeader("Pragma", "no-cache");
resp.setHeader("Cache-Control","no-cache");
}
@Override