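/// <summary>
/// Decides whether the request addresses a folder listed in <c>_forbiddenFolders</c>.
/// The first path segment is checked twice: once on the path as given, and, when the
/// path is a full repository path (starts with "/Root/"), once more on the path made
/// relative to the site that owns the request URL.
/// </summary>
/// <param name="initInfo">Request information; a null value or an empty SiteRelativePath yields false.</param>
/// <returns>true when the first folder of the path is a forbidden folder; otherwise false.</returns>
private static bool IsForbiddenFolder(PortalContextInitInfo initInfo)
{
    if (initInfo == null || string.IsNullOrEmpty(initInfo.SiteRelativePath))
    {
        return false;
    }

    // NOTE(review): only '/' is treated as a separator below; confirm that
    // SiteRelativePath is already decoded and normalized before it reaches this check.
    if (IsForbiddenFirstSegment(initInfo.SiteRelativePath))
    {
        return true;
    }

    // A full repository path has "Root" as its first segment, so it must be
    // converted to a site-relative path before the folder name can be checked.
    var isFullPath = initInfo.SiteRelativePath.StartsWith("/Root/", StringComparison.OrdinalIgnoreCase);
    if (!isFullPath || string.IsNullOrEmpty(initInfo.SiteUrl))
    {
        return false;
    }

    // find the site above this content
    var site = PortalContext.Sites.Values.FirstOrDefault(s => s.UrlList.ContainsKey(initInfo.SiteUrl));
    if (site == null)
    {
        // NOTE(review): no site is registered for this URL, so the path cannot be
        // made site-relative and the request is treated as not forbidden (fail-open).
        return false;
    }

    var siteRelative = PortalContext.GetSiteRelativePath(initInfo.SiteRelativePath, site);
    return IsForbiddenFirstSegment(siteRelative);
}

// Returns true when the first non-empty '/'-separated segment of the path matches a forbidden folder name.
private static bool IsForbiddenFirstSegment(string path)
{
    var folderNames = path.Trim('/').Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
    if (folderNames.Length == 0)
    {
        return false;
    }

    var firstFolderName = folderNames[0];

    // Compare case-insensitively: this is a deny-list applied to a request path, and
    // the "/Root/" prefix above is already matched without regard to case. An ordinal,
    // case-sensitive match would let a differently-cased folder name slip past the list.
    // NOTE(review): confirm the casing convention of the _forbiddenFolders entries.
    return _forbiddenFolders.Any(fp => string.Equals(fp, firstFolderName, StringComparison.OrdinalIgnoreCase));
}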
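/// <summary>
/// Sets client-cache headers for the current request and, when the visitor is allowed
/// to see the node, lets HttpHeaderTools answer a conditional request from the node's
/// modification date. When the visitor is not allowed, the date is only stored on
/// <paramref name="initInfo"/> for later use.
/// Three sources are tried in order: the binary handler setting, the per-content cache
/// header setting (non-image content only), and the resolved application's max-age and
/// cache-control values. WebDAV and Office protocol requests get no-cache headers instead.
/// </summary>
/// <param name="initInfo">Request information; not checked for null by this method.</param>
private void HandleResponseForClientCache(PortalContextInitInfo initInfo)
{
    // binaryhandler
    if (initInfo.BinaryHandlerRequestedNodeHead != null)
    {
        var bhMaxAge = Settings.GetValue(PortalSettings.SETTINGSNAME, PortalSettings.SETTINGS_BINARYHANDLER_MAXAGE, initInfo.RepositoryPath, 0);
        if (bhMaxAge > 0)
        {
            // NOTE(review): the cache headers are set before the permission check;
            // confirm SetCacheControlHeaders(int) cannot mark permission-restricted
            // content as cacheable by shared caches.
            HttpHeaderTools.SetCacheControlHeaders(bhMaxAge);

            // The permission check must target the node whose modification date is
            // used below. The binary handler node is that node in this branch;
            // RequestedNodeHead is a separate field and may refer to something else.
            if (CheckVisitorPermissions(initInfo.BinaryHandlerRequestedNodeHead))
            {
                // handle If-Modified-Since and Last-Modified headers
                HttpHeaderTools.EndResponseForClientCache(initInfo.BinaryHandlerRequestedNodeHead.ModificationDate);
            }
            else
            {
                // otherwise store the value for later use
                initInfo.ModificationDateForClient = initInfo.BinaryHandlerRequestedNodeHead.ModificationDate;
            }

            return;
        }
    }

    if (initInfo.IsWebdavRequest || initInfo.IsOfficeProtocolRequest)
    {
        HttpContext.Current.Response.Headers.Add("Pragma", "no-cache"); // HTTP 1.0
        HttpContext.Current.Response.Headers.Add("Expires", "Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
        return;
    }

    // get requested nodehead
    if (initInfo.RequestedNodeHead == null)
    {
        return;
    }

    // if action name is given, do not do shortcircuit (eg. myscript.js?action=Edit should be a server-rendered page)
    if (!string.IsNullOrEmpty(initInfo.ActionName))
    {
        return;
    }

    // **********************************************************
    // Image content check is moved to OnAuthorize event handler, because it needs the
    // fully loaded node. Here we handle only other content - e.g. js/css files.
    // **********************************************************
    if (!initInfo.RequestedNodeHead.GetNodeType().IsInstaceOfOrDerivedFrom(typeof(Image).Name))
    {
        var cacheSetting = GetCacheHeaderSetting(initInfo.RequestUri, initInfo.RequestedNodeHead);
        if (cacheSetting.HasValue)
        {
            HttpHeaderTools.SetCacheControlHeaders(cacheSetting.Value);

            // We're only handling these if the visitor has permissions to the node
            if (CheckVisitorPermissions(initInfo.RequestedNodeHead))
            {
                // handle If-Modified-Since and Last-Modified headers
                HttpHeaderTools.EndResponseForClientCache(initInfo.RequestedNodeHead.ModificationDate);
            }
            else
            {
                // otherwise store the value for later use
                initInfo.ModificationDateForClient = initInfo.RequestedNodeHead.ModificationDate;
            }

            return;
        }
    }

    // applications
    Application app;

    // elevate to sysadmin, as we are startupuser here, and group 'everyone' should have permissions to application without elevation
    // Only the application lookup runs inside the elevated scope; the visitor
    // permission check further down is made after the scope has been disposed.
    using (new SystemAccount())
    {
        // load the application, or the node itself if it is an application
        if (initInfo.RequestedNodeHead.GetNodeType().IsInstaceOfOrDerivedFrom("Application"))
        {
            app = Node.LoadNode(initInfo.RequestedNodeHead) as Application;
        }
        else
        {
            app = ApplicationStorage.Instance.GetApplication(initInfo.ActionName, initInfo.RequestedNodeHead, initInfo.DeviceName);
        }
    }

    if (app == null)
    {
        return;
    }

    var maxAge = app.NumericMaxAge;
    var cacheControl = app.GetCacheControlEnumValue();

    if (cacheControl.HasValue && maxAge.HasValue)
    {
        HttpHeaderTools.SetCacheControlHeaders(maxAge.Value, cacheControl.Value);

        // We're only handling these if the visitor has permissions to the node
        if (CheckVisitorPermissions(initInfo.RequestedNodeHead))
        {
            // handle If-Modified-Since and Last-Modified headers
            HttpHeaderTools.EndResponseForClientCache(initInfo.RequestedNodeHead.ModificationDate);
        }
        else
        {
            // otherwise store the value for later use
            initInfo.ModificationDateForClient = initInfo.RequestedNodeHead.ModificationDate;
        }
    }
}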
/// <summary>
/// Applies client-cache headers to the current response. Three cases are tried in
/// order and the first one that applies ends the method: binary handler requests,
/// requests whose URL extension is present in the client cache configuration, and
/// requests that resolve to an application carrying max-age and cache-control values.
/// A conditional request is answered from the node's modification date only when
/// the caller's address is listed in PortalContext.ProxyIPs.
/// </summary>
/// <param name="initInfo">Request information; not checked for null by this method.</param>
private void HandleResponseForClientCache(PortalContextInitInfo initInfo)
{
    var httpContext = HttpContext.Current;

    // NOTE(review): in this method the only gate in front of EndResponseForClientCache
    // is the caller's address being in ProxyIPs; no per-visitor permission check is
    // made here. Confirm that permissions are enforced elsewhere for these nodes and
    // that UserHostAddress is the real peer address in this deployment.

    // Case 1: binary handler request with a configured max-age.
    if (_binaryHandlerClientCacheMaxAge.HasValue && initInfo.BinaryHandlerRequestedNodeHead != null)
    {
        HttpHeaderTools.SetCacheControlHeaders(_binaryHandlerClientCacheMaxAge.Value);

        // is-modified-since handling is limited to requests arriving from a proxy
        if (PortalContext.ProxyIPs.Contains(httpContext.Request.UserHostAddress))
        {
            HttpHeaderTools.EndResponseForClientCache(initInfo.BinaryHandlerRequestedNodeHead.ModificationDate);
        }

        return;
    }

    // Case 2: content addressed by path (e.g. /Root/Global/images/myimage.png),
    // looked up in the configuration by its lower-cased extension.
    // NOTE(review): ToLower() uses the current culture; confirm that is intended
    // for a key lookup.
    string requestedExtension = System.IO.Path.GetExtension(httpContext.Request.Url.AbsolutePath).ToLower();
    bool extensionIsConfigured = _clientCacheConfig != null && _clientCacheConfig.ContainsKey(requestedExtension);
    if (extensionIsConfigured)
    {
        // nothing to cache when the path did not resolve to a node
        if (initInfo.RequestedNodeHead == null)
        {
            return;
        }

        int maxAgeSeconds = _clientCacheConfig[requestedExtension];
        HttpHeaderTools.SetCacheControlHeaders(maxAgeSeconds);

        // is-modified-since handling is limited to requests arriving from a proxy
        if (PortalContext.ProxyIPs.Contains(httpContext.Request.UserHostAddress))
        {
            HttpHeaderTools.EndResponseForClientCache(initInfo.RequestedNodeHead.ModificationDate);
        }

        return;
    }

    // Case 3: applications. Without a requested node there is nothing to resolve.
    if (initInfo.RequestedNodeHead == null)
    {
        return;
    }

    Application application;

    // The lookup runs elevated: the current user is the startup user at this point,
    // and group 'everyone' should reach the application without its own elevation.
    using (new SystemAccount())
    {
        // an empty action name falls back to "browse"
        var actionName = initInfo.ActionName;
        if (string.IsNullOrEmpty(actionName))
        {
            actionName = "browse";
        }

        application = ApplicationStorage.Instance.GetApplication(actionName, initInfo.RequestedNodeHead, initInfo.DeviceName);
    }

    if (application == null)
    {
        return;
    }

    var maxAge = application.NumericMaxAge;
    var cacheControl = application.CacheControlEnumValue;

    // both values are required before any header is written
    if (!cacheControl.HasValue || !maxAge.HasValue)
    {
        return;
    }

    HttpHeaderTools.SetCacheControlHeaders(maxAge.Value, cacheControl.Value);

    if (PortalContext.ProxyIPs.Contains(httpContext.Request.UserHostAddress))
    {
        HttpHeaderTools.EndResponseForClientCache(initInfo.RequestedNodeHead.ModificationDate);
    }
}