2016-04-14 20:38:48 +02:00
|
|
|
// Copyright 2015, 2016 Ethcore (UK) Ltd.
|
|
|
|
|
// This file is part of Parity.
|
|
|
|
|
|
|
|
|
|
// Parity is free software: you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
|
|
|
|
|
// Parity is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
|
|
|
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
2016-07-06 11:24:29 +02:00
|
|
|
//! Hyper handlers implementations.
|
2016-04-14 20:38:48 +02:00
|
|
|
|
2016-07-06 11:24:29 +02:00
|
|
|
mod auth;
|
2016-07-07 09:42:49 +02:00
|
|
|
mod echo;
|
2016-07-06 11:24:29 +02:00
|
|
|
mod content;
|
|
|
|
|
mod redirect;
|
2016-08-18 12:19:09 +02:00
|
|
|
mod fetch;
|
2016-07-06 11:24:29 +02:00
|
|
|
|
|
|
|
|
pub use self::auth::AuthRequiredHandler;
|
2016-07-07 09:42:49 +02:00
|
|
|
pub use self::echo::EchoHandler;
|
2016-07-06 11:24:29 +02:00
|
|
|
pub use self::content::ContentHandler;
|
|
|
|
|
pub use self::redirect::Redirection;
|
2016-09-06 22:12:52 +02:00
|
|
|
pub use self::fetch::{ContentFetcherHandler, ContentValidator, FetchControl};
|
2016-07-07 09:42:49 +02:00
|
|
|
|
|
|
|
|
use url::Url;
|
|
|
|
|
use hyper::{server, header, net, uri};
|
2016-11-09 19:41:47 +01:00
|
|
|
use address;
|
2016-07-07 09:42:49 +02:00
|
|
|
|
2016-10-19 11:02:21 +02:00
|
|
|
/// Adds security-related headers to the Response.
|
2016-11-09 19:41:47 +01:00
|
|
|
pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Option<(String, u16)>) {
|
2016-10-19 11:02:21 +02:00
|
|
|
headers.set_raw("X-XSS-Protection", vec![b"1; mode=block".to_vec()]);
|
|
|
|
|
headers.set_raw("X-Content-Type-Options", vec![b"nosniff".to_vec()]);
|
|
|
|
|
|
|
|
|
|
// Embedding header:
|
2016-11-09 19:41:47 +01:00
|
|
|
if let Some(embeddable_on) = embeddable_on {
|
2016-10-19 11:02:21 +02:00
|
|
|
headers.set_raw(
|
|
|
|
|
"X-Frame-Options",
|
2016-11-09 19:41:47 +01:00
|
|
|
vec![format!("ALLOW-FROM http://{}", address(embeddable_on)).into_bytes()]
|
2016-10-19 11:02:21 +02:00
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
// TODO [ToDr] Should we be more strict here (DENY?)?
|
|
|
|
|
headers.set_raw("X-Frame-Options", vec![b"SAMEORIGIN".to_vec()]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Extracts URL part from the Request.
|
2016-07-07 09:42:49 +02:00
|
|
|
pub fn extract_url(req: &server::Request<net::HttpStream>) -> Option<Url> {
|
|
|
|
|
match *req.uri() {
|
|
|
|
|
uri::RequestUri::AbsoluteUri(ref url) => {
|
|
|
|
|
match Url::from_generic_url(url.clone()) {
|
|
|
|
|
Ok(url) => Some(url),
|
|
|
|
|
_ => None,
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
uri::RequestUri::AbsolutePath(ref path) => {
|
|
|
|
|
// Attempt to prepend the Host header (mandatory in HTTP/1.1)
|
|
|
|
|
let url_string = match req.headers().get::<header::Host>() {
|
|
|
|
|
Some(ref host) => {
|
|
|
|
|
format!("http://{}:{}{}", host.hostname, host.port.unwrap_or(80), path)
|
|
|
|
|
},
|
|
|
|
|
None => return None,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
match Url::parse(&url_string) {
|
|
|
|
|
Ok(url) => Some(url),
|
|
|
|
|
_ => None,
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
_ => None,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
