Console, webapps: CSP improvements

i2ptunnel, susidns: Add headers.jsi
Console: Remove onload and use nonce for inline scripts where able
Version remaining js links
This commit is contained in:
zzz
2019-12-25 12:18:00 +00:00
parent 63b48e30be
commit fa9f60bcd9
64 changed files with 118 additions and 279 deletions


@ -414,7 +414,7 @@ public class I2PSnarkServlet extends BasicServlet {
resp.setContentType("text/html; charset=UTF-8");
// "no-store, max-age=0" forces all our images to be reloaded on ajax refresh
resp.setHeader("Cache-Control", "max-age=86400, no-cache, must-revalidate");
resp.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
resp.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; object-src 'none'");
resp.setDateHeader("Expires", 86400);
resp.setHeader("Pragma", "no-cache");
resp.setHeader("X-Frame-Options", "SAMEORIGIN");
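Review bot: The rewritten Content-Security-Policy line keeps `script-src 'self' 'unsafe-inline'` with no nonce, so it adds framing, form-action and object limits but still lets any inline script in the torrent listing execute; the css.jsi hunk in this commit shows the nonce pattern that would demote `'unsafe-inline'` to a fallback for older browsers. Two smaller gaps, shared with the susidns header hunk: no `base-uri 'self'` (a per-page `<base>` override would otherwise redirect the relative script and style URLs), and no `media-src 'none'` here although the susidns and ErrorServlet policies in the same commit set it. If I2PSnark serves no media from this page, which the hunk does not show, the line would become `resp.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'; base-uri 'self'");`. The enclosing method starts and ends outside the hunk.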


@ -3,7 +3,7 @@
response.setHeader("X-Frame-Options", "SAMEORIGIN");
// edit pages need script for the delete button 'are you sure'
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");


@ -0,0 +1,15 @@
<%
// NOTE: Do the header carefully so there is no whitespace before the <?xml... line
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
if (request.getCharacterEncoding() == null)
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
%>
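Review bot: The policy on the new Content-Security-Policy line omits `form-action 'self'`, which both the susidns header and the I2PSnarkServlet policy in this commit set, and the i2ptunnel pages that now include this file submit forms (the EditBean page among them), so form targets are the one navigation this otherwise strict policy leaves unrestricted. `script-src 'none'` is the strongest choice and worth keeping; completing the line gives `response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'; base-uri 'self'");`. Since headers set after the response is committed are ignored by the container, the leading comment could also state that this include must remain the first directive in every page, as the four i2ptunnel hunks arrange.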


@ -1,17 +1,4 @@
<%
// NOTE: Do the header carefully so there is no whitespace before the <?xml... line
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
if (request.getCharacterEncoding() == null)
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
<%@include file="headers.jsi"
%><%@page pageEncoding="UTF-8"
%><%@page trimDirectiveWhitespaces="true"
%><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.IndexBean"


@ -1,13 +1,4 @@
<%
// NOTE: Do the header carefully so there is no whitespace before the <?xml... line
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
<%@include file="headers.jsi"
%><%@page pageEncoding="UTF-8"
%><%@page contentType="text/html" import="java.io.InputStream,net.i2p.i2ptunnel.web.EditBean,net.i2p.servlet.RequestWrapper,net.i2p.client.I2PSessionException,net.i2p.client.naming.HostTxtEntry,net.i2p.data.PrivateKeyFile,net.i2p.data.SigningPrivateKey,net.i2p.util.OrderedProperties"
%><%@page


@ -1,13 +1,4 @@
<%
// NOTE: Do the header carefully so there is no whitespace before the <?xml... line
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
<%@include file="headers.jsi"
%><%@page pageEncoding="UTF-8"
%><%@page contentType="text/html" import="java.io.File,java.io.IOException,net.i2p.crypto.KeyStoreUtil,net.i2p.data.DataHelper,net.i2p.jetty.JettyXmlConfigurationParser"
%><%@page


@ -1,17 +1,4 @@
<%
// NOTE: Do the header carefully so there is no whitespace before the <?xml... line
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
if (request.getCharacterEncoding() == null)
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
<%@include file="headers.jsi"
%><%@page pageEncoding="UTF-8"
%><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.EditBean"
%><?xml version="1.0" encoding="UTF-8"?>


@ -90,7 +90,7 @@ public class ErrorServlet extends HttpServlet {
resp.setDateHeader("Expires", 0);
resp.setHeader("Cache-Control", "no-store, max-age=0, no-cache, must-revalidate");
resp.setHeader("Pragma", "no-cache");
resp.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'none'");
resp.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'none'; form-action 'none'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
Integer ERROR_CODE = (Integer) req.getAttribute("javax.servlet.error.status_code");
String ERROR_URI = (String) req.getAttribute("javax.servlet.error.request_uri");
String ERROR_MESSAGE = (String) req.getAttribute("javax.servlet.error.message");
@ -114,6 +114,7 @@ public class ErrorServlet extends HttpServlet {
ERROR_URI.endsWith(".ico") ||
ERROR_URI.endsWith(".svg") ||
ERROR_URI.endsWith(".txt") ||
ERROR_URI.endsWith(".js") ||
ERROR_URI.endsWith(".css"))) {
// keep it simple
resp.setContentType("text/plain");


@ -5,9 +5,8 @@
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("Certificates")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %><h1><%=intl._t("Certificates")%></h1>
<div class="main" id="certs">
<jsp:useBean class="net.i2p.router.web.helpers.CertHelper" id="certhelper" scope="request" />


@ -2,16 +2,12 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("configure bandwidth")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigNetHelper" id="nethelper" scope="request" />
<jsp:setProperty name="nethelper" property="contextId" value="<%=i2pcontextId%>" />
<h1><%=intl._t("I2P Bandwidth Configuration")%></h1>


@ -2,16 +2,12 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config advanced")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigAdvancedHelper" id="advancedhelper" scope="request" />
<jsp:setProperty name="advancedhelper" property="contextId" value="<%=i2pcontextId%>" />


@ -1,9 +1,9 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("config clients")%>
<style type='text/css'>
button span.hide{
@ -11,12 +11,9 @@ button span.hide{
}
input.default { width: 1px; height: 1px; visibility: hidden; }
</style>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigClientsHelper" id="clientshelper" scope="request" />
<jsp:setProperty name="clientshelper" property="contextId" value="<%=i2pcontextId%>" />
<jsp:setProperty name="clientshelper" property="edit" value="<%=request.getParameter(\"edit\")%>" />


@ -1,16 +1,12 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config router family")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigFamilyHelper" id="familyHelper" scope="request" />
<jsp:setProperty name="familyHelper" property="contextId" value="<%=i2pcontextId%>" />
<h1><%=intl._t("I2P Router Family Configuration")%></h1>


@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config home")%>
@ -12,10 +11,8 @@ input.default {
visibility: hidden;
}
</style>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Home Page Configuration")%></h1>
<div class="main" id="config_homepage">


@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config clients")%>
@ -11,12 +10,9 @@ button span.hide{
}
input.default { width: 1px; height: 1px; visibility: hidden; }
</style>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigClientsHelper" id="clientshelper" scope="request" />
<jsp:setProperty name="clientshelper" property="contextId" value="<%=i2pcontextId%>" />
<jsp:setProperty name="clientshelper" property="edit" value="<%=request.getParameter(\"edit\")%>" />


@ -1,14 +1,11 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config keyring")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Keyring Configuration")%></h1>
<div class="main" id="config_keyring">


@ -2,16 +2,13 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config logging")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigLoggingHelper" id="logginghelper" scope="request" />
<jsp:setProperty name="logginghelper" property="contextId" value="<%=i2pcontextId%>" />
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Logging Configuration")%></h1>
<div class="main" id="config_logging">


@ -1,16 +1,12 @@
<%@page contentType="text/html" %>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config networking")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigNetHelper" id="nethelper" scope="request" />
<jsp:setProperty name="nethelper" property="contextId" value="<%=i2pcontextId%>" />
<h1><%=intl._t("I2P Network Configuration")%></h1>


@ -4,9 +4,8 @@
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config peers")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Peer Configuration")%></h1>
<div class="main" id="config_peers">


@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config plugins")%>
@ -11,12 +10,9 @@ button span.hide{
}
input.default { width: 1px; height: 1px; visibility: hidden; }
</style>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigClientsHelper" id="clientshelper" scope="request" />
<jsp:setProperty name="clientshelper" property="contextId" value="<%=i2pcontextId%>" />
<jsp:setProperty name="clientshelper" property="edit" value="<%=request.getParameter(\"edit\")%>" />


@ -1,16 +1,12 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config reseeding")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigReseedHelper" id="reseedHelper" scope="request" />
<jsp:setProperty name="reseedHelper" property="contextId" value="<%=i2pcontextId%>" />
<h1><%=intl._t("I2P Reseeding Configuration")%></h1>


@ -1,14 +1,11 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config service")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Service Configuration")%></h1>
<div class="main" id="config_service">


@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config sidebar")%>
@ -12,10 +11,8 @@ input.default {
visibility: hidden;
}
</style>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Sidebar Configuration")%></h1>
<div class="main" id="config_summarybar">


@ -2,14 +2,13 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("config stats")%>
<noscript><style type="text/css">.script {display: none;}</style></noscript>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
<script type="text/javascript">
<script nonce="<%=cspNonce%>" type="text/javascript">
function init()
{
checkAll = false;


@ -1,16 +1,12 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config tunnels")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigTunnelsHelper" id="tunnelshelper" scope="request" />
<jsp:setProperty name="tunnelshelper" property="contextId" value="<%=i2pcontextId%>" />
<h1><%=intl._t("I2P Tunnel Configuration")%></h1>


@ -2,7 +2,6 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config UI")%>
@ -13,12 +12,9 @@ input.default {
visibility: hidden;
}
</style>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigUIHelper" id="uihelper" scope="request" />
<jsp:setProperty name="uihelper" property="contextId" value="<%=i2pcontextId%>" />


@ -2,14 +2,11 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config update")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Update Configuration")%></h1>
<div class="main" id="config_update">


@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("config webapps")%>
@ -11,12 +10,9 @@ button span.hide{
}
input.default { width: 1px; height: 1px; visibility: hidden; }
</style>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.ConfigClientsHelper" id="clientshelper" scope="request" />
<jsp:setProperty name="clientshelper" property="contextId" value="<%=i2pcontextId%>" />
<jsp:setProperty name="clientshelper" property="edit" value="<%=request.getParameter(\"edit\")%>" />


@ -2,19 +2,15 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("home")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%
String consoleNonce = net.i2p.router.web.CSSHelper.getNonce();
%>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Router Console")%></h1>
<div class="news" id="news">
<%


@ -0,0 +1,4 @@
<%
// Add this AFTER css.jsi if there's any onclick attributes in the page
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
%>
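Review bot: This include replaces the css.jsi policy unconditionally, whereas css.jsi sets its header only inside `if (intl.shouldSendXFrame())`, so pages that include csp-unsafe.jsi send a Content-Security-Policy even when the console has been configured not to; wrapping the `setHeader` call in the same condition keeps the two consistent. The replacement policy also drops the `'nonce-…'` source, so the `nonce="<%=cspNonce%>"` script blocks in configstats.jsp, dns.jsp, i2ptunnelmgr.jsp and torrents.jsp run under plain `'unsafe-inline'` and the nonce grants nothing on those pages — that is the price of the inline `onclick`/`onload` attributes this file exists for, since nonces cover script elements, not event-handler attributes. A comment stating this would help the next maintainer: `// Replaces the nonce-based policy from css.jsi: inline event handlers cannot be nonced, so this page falls back to 'unsafe-inline'. Moving the handlers into the nonce'd <script> (addEventListener) would let the page drop this include.`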


@ -34,10 +34,14 @@
<link rel="icon" href="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/favicon.ico"><%
response.setHeader("Accept-Ranges", "none");
String cspNonce = Integer.toHexString(net.i2p.util.RandomSource.getInstance().nextInt());
// clickjacking
if (intl.shouldSendXFrame()) {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
// unsafe-inline is a fallback for browsers not supporting nonce
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'nonce-" + cspNonce + "'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
}
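Review bot: The nonce on the new `String cspNonce = …` line is `Integer.toHexString(nextInt())`, i.e. at most 32 bits and as few as one hex digit, while the CSP specification calls for at least 128 bits of fresh randomness per response so that content injected earlier in the page cannot predict it. Drawing 16 bytes from the same source closes the gap: `byte[] nb = new byte[16]; net.i2p.util.RandomSource.getInstance().nextBytes(nb);` followed by hex-encoding `nb` into `cspNonce` (the nonce grammar accepts base64 characters, of which hex is a subset). The `'unsafe-inline'` fallback described in the added comment is correct: a CSP2-capable browser ignores `'unsafe-inline'` once a nonce or hash source is present, so only pre-CSP2 browsers see the permissive policy. It would be worth saying in that comment that the same `cspNonce` variable is consumed by summaryajax.jsi and the nonce'd script blocks in other pages, so renaming or scoping it differently breaks those includes.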


@ -9,9 +9,8 @@
%>
<html><head><title>I2P Router Console - Debug</title>
<%@include file="css.jsi" %>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1>Router Debug</h1>
<div class="main" id="debug">


@ -21,24 +21,21 @@
} else {
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("addressbook")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<script src="/js/iframed.js" type="text/javascript"></script>
<script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
<script type="text/javascript">
<script nonce="<%=cspNonce%>" type="text/javascript">
function setupFrame() {
f = document.getElementById("susidnsframe");
injectClass(f);
resizeFrame(f);
}
</script>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Addressbook")%> <span class="newtab"><a href="/susidns/index" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1>
<div class="main" id="dns">
<iframe src="/susidns/index" width="100%" height="100%" frameborder="0" border="0" name="susidnsframe" id="susidnsframe" onload="setupFrame()" allowtransparency="true">


@ -27,9 +27,8 @@
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("Page Not Found")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=ERROR_CODE%>&nbsp;<%=ERROR_MESSAGE%></h1>
<div class="sorry" id="warning">


@ -2,7 +2,6 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("events")%>
@ -14,9 +13,8 @@
eventHelper.storeWriter(out);
eventHelper.storeMethod(request.getMethod());
%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Event Log")%></h1>
<div class="main" id="events">


@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("graphs")%>
@ -12,9 +11,8 @@
<%
graphHelper.storeWriter(out);
%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<%
// needs to be after the summary bar is rendered, so


@ -2,7 +2,6 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("graphs")%>
@ -19,9 +18,8 @@
out.print(graphHelper.getRefreshMeta());
}
%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Performance Graphs")%></h1>
<div class="main" id="graphs">


@ -5,9 +5,8 @@
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("help")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Router Help and Support")%></h1>
<div class="main" id="help">


@ -4,9 +4,8 @@
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("home")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%
String consoleNonce = net.i2p.router.web.CSSHelper.getNonce();
%>


@ -21,14 +21,13 @@
} else {
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("Hidden Services Manager")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<script src="/js/iframed.js" type="text/javascript"></script>
<script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
<script type="text/javascript">
<script nonce="<%=cspNonce%>" type="text/javascript">
function injectClassSpecific(f) {
var doc = 'contentDocument' in f? f.contentDocument : f.contentWindow.document;
if (doc.getElementsByClassName == undefined) {
@ -57,7 +56,7 @@
resizeFrame(f);
}
</script>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>


@ -1,13 +1,11 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("Jar File Dump")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %><h1>Jar File Dump</h1>
<div class="main" id="jardump">
<jsp:useBean class="net.i2p.router.web.helpers.FileDumpHelper" id="dumpHelper" scope="request" />


@ -2,13 +2,11 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("job queue")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %><h1><%=intl._t("I2P Router Job Queue")%></h1>
<div class="main" id="jobs">
<jsp:useBean class="net.i2p.router.web.helpers.JobQueueHelper" id="jobQueueHelper" scope="request" />


@ -1,13 +1,11 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("logs")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Router Logs")%></h1>
<div class="main" id="logs">


@ -2,13 +2,11 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("network database")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Network Database")%></h1>
<div class="main" id="netdb">


@ -1,13 +1,11 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("News")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("Latest News")%></h1>
<div class="main" id="news">


@ -7,9 +7,8 @@
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("WebApp Not Found")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("Web Application Not Running")%></h1>
<div class="sorry" id="warning">


@ -9,9 +9,8 @@
%>
<html><head><title>I2P Router Console - internals</title>
<%@include file="css.jsi" %>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.OldConsoleHelper" id="conhelper" scope="request" />
<jsp:setProperty name="conhelper" property="contextId" value="<%=i2pcontextId%>" />


@ -2,13 +2,11 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("peer connections")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Network Peers")%></h1>
<div class="main" id="peers">


@ -2,13 +2,11 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("peer profiles")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Network Peer Profiles")%></h1>
<div class="main" id="profiles"><div class="wideload">


@ -1,13 +1,11 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("Proof")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %><h1>Proof of Ownership</h1>
<div class="main" id="proof"><p>
<jsp:useBean class="net.i2p.router.web.helpers.ProofHelper" id="proofHelper" scope="request" />


@ -2,13 +2,11 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("statistics")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<jsp:useBean class="net.i2p.router.web.helpers.OldConsoleHelper" id="oldhelper" scope="request" />
<jsp:setProperty name="oldhelper" property="contextId" value="<%=i2pcontextId%>" />


@ -1,5 +1,7 @@
<script type="text/javascript">
<script src="/js/ajax.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<script nonce="<%=cspNonce%>" type="text/javascript">
var failMessage = "<hr><b><%=intl._t("Router is down")%><\/b>";
function requestAjax1() { ajax("/xhr1.jsp?requestURI=<%=request.getRequestURI()%>", "xhr", <%=intl.getRefresh()%>000); }
function initAjax() { setTimeout(requestAjax1, <%=intl.getRefresh()%>000); }
initAjax();
</script>
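Review bot: The bare `initAjax();` at the end of this nonced block now executes while the browser is still parsing `<head>`, whereas the `body onload` hook it replaces ran after the document was complete; it is safe only because `initAjax()` does nothing but schedule `requestAjax1` via `setTimeout`, and the `"xhr"` target is resolved later by `ajax()`, so that constraint should be recorded, e.g. `// Runs from <head>: must only schedule the first refresh, never touch the DOM directly.` The same inline `initAjax();` call is added in the wizard hunk below, where the same comment applies. The `nonce="<%=cspNonce%>"` attribute depends on `cspNonce` being defined by an earlier include (css.jsi, presumably) and on the same value being emitted in the Content-Security-Policy header for this response; a one-line comment naming the origin of the nonce would save the next maintainer from having to trace it. Since this file now loads `/js/ajax.js` itself, every page including it must drop its own `ajax.js` script tag to avoid loading the script twice.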


@ -22,24 +22,21 @@
} else {
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("torrents")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<script src="/js/iframed.js" type="text/javascript"></script>
<script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
<script type="text/javascript">
<script nonce="<%=cspNonce%>" type="text/javascript">
function setupFrame() {
f = document.getElementById("i2psnarkframe");
injectClass(f);
resizeFrame(f);
}
</script>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Torrent Manager")%> <span class="newtab"><a href="/i2psnark/" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1>
<div class="main" id="torrents">
<iframe src="/i2psnark/" width="100%" height="100%" frameborder="0" border="0" name="i2psnarkframe" id="i2psnarkframe" onload="setupFrame()" allowtransparency="true">
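Review bot: The `onload="setupFrame()"` attribute on the iframe on the last line is an inline event handler, which a nonce does not authorize — CSP nonces apply only to `<script>` elements — so this page still depends on the `'unsafe-inline'` that `csp-unsafe.jsi` presumably supplies, and the nonce added to the `<script>` block above buys nothing until the handler is moved into nonced script (for example, a nonced `<script>` placed after the iframe that calls `document.getElementById("i2psnarkframe").addEventListener("load", setupFrame);`). The webmail hunk below has the identical pattern with `susimailframe`. If the `/js/ajax.js` tag in this hunk is retained rather than removed (the rendering loses the marker), ajax.js is now loaded twice, once here and once from summaryajax.jsi. The enclosing scriptlet `else` branch starts outside the hunk.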


@ -2,13 +2,11 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("tunnel summary")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %><h1><%=intl._t("I2P Tunnel Summary")%></h1>
<div class="main" id="tunnels">
<jsp:useBean class="net.i2p.router.web.helpers.TunnelHelper" id="tunnelHelper" scope="request" />


@ -2,13 +2,11 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%=intl.title("Peer Profile")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("Peer Profile")%></h1>
<div class="main" id="view_profile"><div class="wideload">


@ -22,24 +22,21 @@
} else {
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("webmail")%>
<script src="/js/ajax.js" type="text/javascript"></script>
<script src="/js/iframed.js" type="text/javascript"></script>
<script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %>
<script type="text/javascript">
<script nonce="<%=cspNonce%>" type="text/javascript">
function setupFrame() {
f = document.getElementById("susimailframe");
injectClass(f);
resizeFrame(f);
}
</script>
</head><body onload="initAjax()">
</head><body>
<%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Webmail")%> <span class="newtab"><a href="/susimail/" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1>
<div class="main" id="webmail">
<iframe src="/susimail/" width="100%" height="100%" frameborder="0" border="0" name="susimailframe" id="susimailframe" onload="setupFrame()" allowtransparency="true">


@ -66,8 +66,8 @@
wizhelper.setContextId(i2pcontextId);
if (ipg == 4) {
%>
<script src="/js/welcomeajax.js" type="text/javascript"></script>
<script type="text/javascript">
<script src="/js/welcomeajax.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<script nonce="<%=cspNonce%>" type="text/javascript">
var failMessage = "<b><%=intl._t("Router is down")%><\/b>";
var progressMessage = "<b><%=intl._t("Bandwidth test in progress...")%><\/b>";
var doneMessage = "<b><%=intl._t("Bandwidth test is complete, click Next")%><\/b>";
@ -76,22 +76,12 @@
document.getElementById("xhr").innerHTML = progressMessage;
setTimeout(requestAjax1, "1000");
}
initAjax();
</script>
<%
}
%>
</head>
<%
if (ipg == 4) {
%>
<body onload="initAjax()">
<%
} else {
%>
<body>
<%
}
} // ipg == 4
%>
</head><body>
<div id="wizard" class="overlay">
<jsp:useBean class="net.i2p.router.web.helpers.WizardHandler" id="formhandler" scope="request" />


@ -28,7 +28,7 @@
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
@ -57,7 +57,7 @@
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>${book.book} <%=intl._t("address book")%> - susidns</title>
<link rel="stylesheet" type="text/css" href="<%=book.getTheme()%>susidns.css?<%=net.i2p.CoreVersion.VERSION%>">
<script src="/js/resetScroll.js" type="text/javascript"></script>
<script src="/js/resetScroll.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
</head>
<body>
<div class="page">
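Review bot: Dropping `'unsafe-inline'` from `script-src` in the first hunk blocks not only inline `<script>` blocks but also any `onclick`/`onsubmit`/`onload` attribute anywhere in this page's body, which lies outside the hunk; this is worth confirming against the rest of the page and recording next to the header, e.g. `// script-src 'self': this page must contain no inline scripts or on* handler attributes.` The policy string is also the fourth hand-maintained copy of the same directive list in this commit, and the copies already differ (one omits `object-src 'none'`), so a shared constant or include for the script-enabled variant would keep them from drifting further. The enclosing scriptlet starts outside the hunk.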


@ -22,19 +22,8 @@
*
* $Revision: 1.1 $
*/
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
if (request.getCharacterEncoding() == null)
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
%>
<%@include file="headers.jsi" %>
<%@page pageEncoding="UTF-8"%>
<%@ page contentType="text/html" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>


@ -19,19 +19,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
if (request.getCharacterEncoding() == null)
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
%>
<%@include file="headers.jsi" %>
<%@page pageEncoding="UTF-8"%>
<%@ page contentType="text/html"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>


@ -0,0 +1,12 @@
<%
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
if (request.getCharacterEncoding() == null)
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
%>
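Review bot: This include hard-codes `script-src 'none'`, so any page that pulls it in and later gains a `<script>` tag will have that script silently blocked; a header comment should state the contract, e.g. `// Common response headers for script-free pages only; a page that loads any script must set its own Content-Security-Policy instead of including this file.` The three hunks above that replace their inline header block with `<%@include file="headers.jsi" %>` previously had no `script-src` at all, so scripts on those pages fell back to `default-src 'self'`; `'none'` is stricter and correct as long as none of them ship a script, which this commit does not visibly verify. The `request.getCharacterEncoding()` check is duplicated verbatim in the pages that still set their own headers, so those could be reduced to this include plus a single `setHeader` override for the CSP if the JSP structure allows it.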


@ -28,7 +28,7 @@
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; frame-ancestors 'self'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
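Review bot: The new policy on the changed line omits `object-src 'none'`, unlike the new headers.jsi and the addressbook hunk, so `object-src` falls back to `default-src 'self'` and same-origin plugin or embed content stays permitted on this page; align it to `"...; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'"`. With `script-src 'none'` already chosen here, this page is the natural candidate for `<%@include file="headers.jsi" %>` rather than carrying another copy of the header list. The enclosing scriptlet starts and ends outside the hunk.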


@ -22,19 +22,8 @@
*
* $Revision: 1.2 $
*/
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
if (request.getCharacterEncoding() == null)
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
%>
<%@include file="headers.jsi" %>
<%@page pageEncoding="UTF-8"%>
<%@ page contentType="text/html"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>


@ -2008,7 +2008,7 @@ public class WebMail extends HttpServlet
httpRequest.setCharacterEncoding("UTF-8");
response.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");