From a845d4f225f2ce5f23afb0f2c7af7d36cf0d2c80 Mon Sep 17 00:00:00 2001
From: zzz
Date: Fri, 9 Mar 2018 16:02:00 +0000
Subject: [PATCH] Servlets: Add Accept-Ranges headers
---
 .../java/src/org/klomp/snark/web/BasicServlet.java | 8 +++++---
 .../java/src/org/klomp/snark/web/I2PSnarkServlet.java | 1 +
 apps/i2ptunnel/jsp/edit.jsp | 1 +
 apps/i2ptunnel/jsp/index.jsp | 1 +
 apps/i2ptunnel/jsp/register.jsp | 1 +
 apps/i2ptunnel/jsp/wizard.jsp | 1 +
 .../src/main/java/net/i2p/imagegen/IdenticonServlet.java | 1 +
 .../webapp/src/main/java/net/i2p/imagegen/QRServlet.java | 1 +
 .../src/main/java/net/i2p/imagegen/RandomArtServlet.java | 1 +
 .../i2p/router/web/helpers/CodedIconRendererServlet.java | 1 +
 apps/routerconsole/jsp/css.jsi | 2 ++
 apps/routerconsole/jsp/exportfamily.jsp | 1 +
 apps/routerconsole/jsp/flags.jsp | 1 +
 apps/routerconsole/jsp/viewhistory.jsp | 1 +
 apps/routerconsole/jsp/viewrouterlog.jsp | 1 +
 apps/routerconsole/jsp/viewstat.jsp | 1 +
 apps/routerconsole/jsp/viewtheme.jsp | 1 +
 apps/routerconsole/jsp/viewwrapperlog.jsp | 1 +
 apps/susidns/src/jsp/addressbook.jsp | 1 +
 apps/susidns/src/jsp/config.jsp | 1 +
 apps/susidns/src/jsp/details.jsp | 1 +
 apps/susidns/src/jsp/export.jsp | 1 +
 apps/susidns/src/jsp/index.jsp | 1 +
 apps/susidns/src/jsp/subscriptions.jsp | 1 +
 apps/susimail/src/src/i2p/susi/webmail/WebMail.java | 1 +
 25 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/apps/i2psnark/java/src/org/klomp/snark/web/BasicServlet.java b/apps/i2psnark/java/src/org/klomp/snark/web/BasicServlet.java
index 6d3f9e03e8..692e9bd6cf 100644
--- a/apps/i2psnark/java/src/org/klomp/snark/web/BasicServlet.java
+++ b/apps/i2psnark/java/src/org/klomp/snark/web/BasicServlet.java
@@ -384,12 +384,14 @@ class BasicServlet extends HttpServlet
 if (lml > 0) response.setDateHeader("Last-Modified",lml);
- if (count != -1)
- {
- if (count<%@page pageEncoding="UTF-8" %><%@page trimDirectiveWhitespaces="true"
diff --git a/apps/i2ptunnel/jsp/index.jsp b/apps/i2ptunnel/jsp/index.jsp
index 82628b1adf..41461dc170 100644
--- a/apps/i2ptunnel/jsp/index.jsp
+++ b/apps/i2ptunnel/jsp/index.jsp
@@ -10,6 +10,7 @@
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Referrer-Policy", "no-referrer");
+ response.setHeader("Accept-Ranges", "none");
 %><%@page pageEncoding="UTF-8" %><%@page trimDirectiveWhitespaces="true"
diff --git a/apps/i2ptunnel/jsp/register.jsp b/apps/i2ptunnel/jsp/register.jsp
index 0243d952b4..a27853dd7f 100644
--- a/apps/i2ptunnel/jsp/register.jsp
+++ b/apps/i2ptunnel/jsp/register.jsp
@@ -6,6 +6,7 @@
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Referrer-Policy", "no-referrer");
+ response.setHeader("Accept-Ranges", "none");
 %><%@page pageEncoding="UTF-8" %><%@page contentType="text/html" import="java.io.InputStream,net.i2p.i2ptunnel.web.EditBean,net.i2p.servlet.RequestWrapper,net.i2p.client.I2PSessionException,net.i2p.client.naming.HostTxtEntry,net.i2p.data.PrivateKeyFile,net.i2p.data.SigningPrivateKey,net.i2p.util.OrderedProperties"
diff --git a/apps/i2ptunnel/jsp/wizard.jsp b/apps/i2ptunnel/jsp/wizard.jsp
index a641b06916..fff3f100e7 100644
--- a/apps/i2ptunnel/jsp/wizard.jsp
+++ b/apps/i2ptunnel/jsp/wizard.jsp
@@ -10,6 +10,7 @@
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Referrer-Policy", "no-referrer");
+ response.setHeader("Accept-Ranges", "none");
 %><%@page pageEncoding="UTF-8" %><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.EditBean"
diff --git a/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/IdenticonServlet.java b/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/IdenticonServlet.java
index 7cf6d0e3f0..532d695f3b 100644
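Review bot: The added `Accept-Ranges: none` is advisory only — per RFC 7233 it tells clients not to attempt range requests, but it does not make the container refuse a `Range` header, so whatever this commit is meant to prevent still depends on the page always writing its full body and ignoring `Range`, which the visible lines neither show nor contradict. Since the same line is being copied verbatim into a couple of dozen pages with no explanation, the intent should be recorded once where it is first set, e.g. `// advisory (RFC 7233): clients should not send Range; nothing in this page honours one`, with the second clause adjusted if some code path does. The three i2ptunnel pages in this group already repeat an identical four-header block, so a shared include would keep them from drifting the next time a header is added. The enclosing scriptlet opens above the hunk.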
--- a/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/IdenticonServlet.java
+++ b/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/IdenticonServlet.java
@@ -167,6 +167,7 @@ public class IdenticonServlet extends HttpServlet {
 // return image bytes to requester
 response.setContentType(IDENTICON_IMAGE_MIMETYPE);
 response.setHeader("X-Content-Type-Options", "nosniff");
+ response.setHeader("Accept-Ranges", "none");
 response.setContentLength(imageBytes.length);
 response.getOutputStream().write(imageBytes);
 }
diff --git a/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/QRServlet.java b/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/QRServlet.java
index 9727719071..8395232500 100644
--- a/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/QRServlet.java
+++ b/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/QRServlet.java
@@ -193,6 +193,7 @@ public class QRServlet extends HttpServlet {
 // return image bytes to requester
 response.setContentType(IDENTICON_IMAGE_MIMETYPE);
 response.setHeader("X-Content-Type-Options", "nosniff");
+ response.setHeader("Accept-Ranges", "none");
 response.setContentLength(imageBytes.length);
 response.getOutputStream().write(imageBytes);
 }
diff --git a/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/RandomArtServlet.java b/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/RandomArtServlet.java
index 83dd20b75e..c42b3eb6f3 100644
--- a/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/RandomArtServlet.java
+++ b/apps/imagegen/imagegen/webapp/src/main/java/net/i2p/imagegen/RandomArtServlet.java
@@ -63,6 +63,7 @@ public class RandomArtServlet extends HttpServlet {
 response.setCharacterEncoding("UTF-8");
 }
 response.setHeader("X-Content-Type-Options", "nosniff");
+ response.setHeader("Accept-Ranges", "none");
 buf.append(RandomArt.gnutls_key_fingerprint_randomart(h.getData(), "SHA", 256, "", true, html));
 if (html)
 buf.append("");
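Review bot: The `X-Content-Type-Options`/`Accept-Ranges` pair is now hand-copied into IdenticonServlet, QRServlet and RandomArtServlet, and the first two already share the same `IDENTICON_IMAGE_MIMETYPE` / `setContentLength` / `write` tail; a package-private helper such as `static void setImageHeaders(HttpServletResponse response, String mime) { response.setContentType(mime); response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("Accept-Ranges", "none"); }` would keep the three from drifting the next time a header is added. For the two image servlets the body is a fully buffered byte array written in one call, so `none` is accurate; a one-line comment saying `// whole image written at once, Range is never honoured` would justify the value to a later reader. The enclosing methods start above each hunk.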
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/helpers/CodedIconRendererServlet.java b/apps/routerconsole/java/src/net/i2p/router/web/helpers/CodedIconRendererServlet.java
index 5a12409c83..af05cca3c0 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/CodedIconRendererServlet.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/CodedIconRendererServlet.java
@@ -43,6 +43,7 @@ public class CodedIconRendererServlet extends HttpServlet {
 srs.setContentType("image/png");
 srs.setHeader("X-Content-Type-Options", "nosniff");
+ srs.setHeader("Accept-Ranges", "none");
 srs.setDateHeader("Expires", I2PAppContext.getGlobalContext().clock().now() + 86400000l);
 srs.setHeader("Cache-Control", "public, max-age=86400");
 OutputStream os = srs.getOutputStream();
diff --git a/apps/routerconsole/jsp/css.jsi b/apps/routerconsole/jsp/css.jsi
index 3e68d36216..d203be368c 100644
--- a/apps/routerconsole/jsp/css.jsi
+++ b/apps/routerconsole/jsp/css.jsi
@@ -29,6 +29,8 @@
 " /> images/favicon.ico"> <%
+ response.setHeader("Accept-Ranges", "none");
+ // clickjacking
 if (intl.shouldSendXFrame()) {
 response.setHeader("X-Frame-Options", "SAMEORIGIN");
diff --git a/apps/routerconsole/jsp/exportfamily.jsp b/apps/routerconsole/jsp/exportfamily.jsp
index 5029680b49..5148ee85a5 100644
--- a/apps/routerconsole/jsp/exportfamily.jsp
+++ b/apps/routerconsole/jsp/exportfamily.jsp
@@ -17,6 +17,7 @@ try {
 }
 try {
 response.setDateHeader("Expires", 0);
+ response.setHeader("Accept-Ranges", "none");
 response.addHeader("Cache-Control", "no-store, max-age=0, no-cache, must-revalidate");
 response.addHeader("Pragma", "no-cache");
 String name = "family-" + family + "-secret.crt";
diff --git a/apps/routerconsole/jsp/flags.jsp b/apps/routerconsole/jsp/flags.jsp
index 9310b91f42..2e87c2ccd8 100644
--- a/apps/routerconsole/jsp/flags.jsp
+++ b/apps/routerconsole/jsp/flags.jsp
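Review bot: In css.jsi the new `response.setHeader("Accept-Ranges", "none")` runs after markup (the favicon link immediately before the `<%`) has already been emitted, so it only takes effect while the page buffer is still unflushed — `HttpServletResponse.setHeader` is silently ignored once the response is committed, and nothing would report the header's absence. The `X-Frame-Options` line just below makes the same assumption, so this is at least consistent, but a safer home for the whole header block is the including page's first scriptlet before any output; failing that, a comment such as `// must run before the JSP buffer flushes: headers are dropped silently once the response is committed` should record the ordering constraint. The including pages are not visible in this hunk, so whether any of them flush early cannot be judged here.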
@@ -44,6 +44,7 @@ if (c != null &&
 if (length > 0)
 response.setHeader("Content-Length", Long.toString(length));
 response.setContentType("image/png");
+ response.setHeader("Accept-Ranges", "none");
 try {
 net.i2p.util.FileUtil.readFile(file, base, cout);
 } catch (java.io.IOException ioe) {
diff --git a/apps/routerconsole/jsp/viewhistory.jsp b/apps/routerconsole/jsp/viewhistory.jsp
index 7319c9080d..24f7ed8552 100644
--- a/apps/routerconsole/jsp/viewhistory.jsp
+++ b/apps/routerconsole/jsp/viewhistory.jsp
@@ -8,6 +8,7 @@
 */
 response.setContentType("text/plain");
 response.setHeader("X-Content-Type-Options", "nosniff");
+response.setHeader("Accept-Ranges", "none");
 response.setDateHeader("Expires", 0);
 response.addHeader("Cache-Control", "no-store, max-age=0, no-cache, must-revalidate");
 response.addHeader("Pragma", "no-cache");
diff --git a/apps/routerconsole/jsp/viewrouterlog.jsp b/apps/routerconsole/jsp/viewrouterlog.jsp
index c829f7715e..393476c4e1 100644
--- a/apps/routerconsole/jsp/viewrouterlog.jsp
+++ b/apps/routerconsole/jsp/viewrouterlog.jsp
@@ -16,6 +16,7 @@ if (length <= 0 || !f.isFile()) {
 } else {
 response.setContentType("text/plain");
 response.setHeader("X-Content-Type-Options", "nosniff");
+ response.setHeader("Accept-Ranges", "none");
 response.setHeader("Content-Length", Long.toString(length));
 response.setDateHeader("Expires", 0);
 response.addHeader("Cache-Control", "no-store, max-age=0, no-cache, must-revalidate");
diff --git a/apps/routerconsole/jsp/viewstat.jsp b/apps/routerconsole/jsp/viewstat.jsp
index 2d17dedc75..892521b6a7 100644
--- a/apps/routerconsole/jsp/viewstat.jsp
+++ b/apps/routerconsole/jsp/viewstat.jsp
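Review bot: flags.jsp streams a file from disk with `FileUtil.readFile(file, base, cout)` and announces its full size via `Content-Length`, so a `Range` request header is never consulted; the new `Accept-Ranges: none` is therefore accurate, but only for as long as this page keeps writing the whole file. A comment tying the two together, e.g. `// whole file is always written below; revisit if ranged reads are ever added`, would stop the header from going stale silently. Note that `Content-Length` is only sent when `length > 0` while the new header is unconditional, which is fine, but worth a word if the asymmetry is deliberate. The surrounding condition (`if (c != null &&` in the hunk header) begins above the hunk.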
@@ -45,6 +45,7 @@ if ( !rendered && ((rs != null) || fakeBw) ) {
 response.setContentType("image/png");
 // very brief 45 sec expire
 response.setDateHeader("Expires", net.i2p.I2PAppContext.getGlobalContext().clock().now() + (45*1000));
+ response.setHeader("Accept-Ranges", "none");
 // http://jira.codehaus.org/browse/JETTY-1346
 // This doesn't actually appear in the response, but it fixes the problem,
 // so Jetty must look for this header and close the connection.
diff --git a/apps/routerconsole/jsp/viewtheme.jsp b/apps/routerconsole/jsp/viewtheme.jsp
index aad8e164ef..c18857945d 100644
--- a/apps/routerconsole/jsp/viewtheme.jsp
+++ b/apps/routerconsole/jsp/viewtheme.jsp
@@ -21,6 +21,7 @@ if (uri.endsWith(".css")) {
 } else if (uri.endsWith(".svg")) {
 response.setContentType("image/svg+xml");
 }
+response.setHeader("Accept-Ranges", "none");
 response.setHeader("X-Content-Type-Options", "nosniff");
 /*
 * User or plugin themes
diff --git a/apps/routerconsole/jsp/viewwrapperlog.jsp b/apps/routerconsole/jsp/viewwrapperlog.jsp
index f90e302cbe..c892988440 100644
--- a/apps/routerconsole/jsp/viewwrapperlog.jsp
+++ b/apps/routerconsole/jsp/viewwrapperlog.jsp
@@ -15,6 +15,7 @@ if (length <= 0 || !f.isFile()) {
 response.setContentType("text/plain");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Content-Length", Long.toString(length));
+ response.setHeader("Accept-Ranges", "none");
 response.setDateHeader("Expires", 0);
 response.addHeader("Cache-Control", "no-store, max-age=0, no-cache, must-revalidate");
 response.addHeader("Pragma", "no-cache");
diff --git a/apps/susidns/src/jsp/addressbook.jsp b/apps/susidns/src/jsp/addressbook.jsp
index 23533b0c7f..bce4e1e42e 100644
--- a/apps/susidns/src/jsp/addressbook.jsp
+++ b/apps/susidns/src/jsp/addressbook.jsp
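Review bot: viewwrapperlog.jsp inserts `Accept-Ranges` after the `Content-Length` header, whereas the otherwise identical block in viewrouterlog.jsp (previous hunk group) inserts it before `Content-Length`, directly after `X-Content-Type-Options`. The two pages are near copies, so keeping the header order the same — moving the new line up one so the sequence reads `nosniff` → `Accept-Ranges` → `Content-Length` — keeps them diffable and removes the question of whether the ordering was intentional. Both blocks sit inside a conditional whose opening line is outside the hunk.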
@@ -32,6 +32,7 @@
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Referrer-Policy", "no-referrer");
+ response.setHeader("Accept-Ranges", "none");
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susidns/src/jsp/config.jsp b/apps/susidns/src/jsp/config.jsp
index 64323d5697..eada35e60b 100644
--- a/apps/susidns/src/jsp/config.jsp
+++ b/apps/susidns/src/jsp/config.jsp
@@ -32,6 +32,7 @@
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Referrer-Policy", "no-referrer");
+ response.setHeader("Accept-Ranges", "none");
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susidns/src/jsp/details.jsp b/apps/susidns/src/jsp/details.jsp
index b6063de750..0dd8e4902b 100644
--- a/apps/susidns/src/jsp/details.jsp
+++ b/apps/susidns/src/jsp/details.jsp
@@ -29,6 +29,7 @@
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Referrer-Policy", "no-referrer");
+ response.setHeader("Accept-Ranges", "none");
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susidns/src/jsp/export.jsp b/apps/susidns/src/jsp/export.jsp
index d100cd7628..a31a06da0d 100644
--- a/apps/susidns/src/jsp/export.jsp
+++ b/apps/susidns/src/jsp/export.jsp
@@ -24,6 +24,7 @@
 if (request.getCharacterEncoding() == null)
 request.setCharacterEncoding("UTF-8");
 response.setHeader("X-Content-Type-Options", "nosniff");
+ response.setHeader("Accept-Ranges", "none");
 %>
 <%@page pageEncoding="UTF-8"%>
 <%@page trimDirectiveWhitespaces="true"%>
diff --git a/apps/susidns/src/jsp/index.jsp b/apps/susidns/src/jsp/index.jsp
index 944711ac75..94e7210e25 100644
--- a/apps/susidns/src/jsp/index.jsp
+++ b/apps/susidns/src/jsp/index.jsp
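Review bot: In the susidns group, export.jsp ends up sending only `X-Content-Type-Options` plus the new `Accept-Ranges` header, while addressbook, config, details and index (and subscriptions in the next group) also send `X-XSS-Protection` and `Referrer-Policy`. If export.jsp is deliberately different because it emits a plain-text download rather than HTML, a one-line comment such as `// no XSS/Referrer headers: this page serves a text export, not HTML` would stop someone "fixing" it later; if not, the two headers belong next to the new line. With five pages now copying the same block line for line, factoring it into a shared `.jsi` include would make the next header addition a one-file change. Each page's scriptlet opens above its hunk.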
@@ -32,6 +32,7 @@
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Referrer-Policy", "no-referrer");
+ response.setHeader("Accept-Ranges", "none");
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susidns/src/jsp/subscriptions.jsp b/apps/susidns/src/jsp/subscriptions.jsp
index b12f320f30..24467654a8 100644
--- a/apps/susidns/src/jsp/subscriptions.jsp
+++ b/apps/susidns/src/jsp/subscriptions.jsp
@@ -32,6 +32,7 @@
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Referrer-Policy", "no-referrer");
+ response.setHeader("Accept-Ranges", "none");
 %>
 <%@page pageEncoding="UTF-8"%>
diff --git a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
index ce34bef1e6..7d25e25af1 100644
--- a/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
+++ b/apps/susimail/src/src/i2p/susi/webmail/WebMail.java
@@ -1911,6 +1911,7 @@ public class WebMail extends HttpServlet
 response.setHeader("X-XSS-Protection", "1; mode=block");
 response.setHeader("X-Content-Type-Options", "nosniff");
 response.setHeader("Referrer-Policy", "no-referrer");
+ response.setHeader("Accept-Ranges", "none");
 RequestWrapper request = new RequestWrapper( httpRequest );
 SessionObject sessionObject = null;