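/**
 * Sets the caching headers and, for everything except Flash content, a
 * Content-Disposition header on the outgoing response.
 *
 * The refresh interval is 0 when the fetched response is strict no-cache,
 * else the parsed refresh parameter when the client sent one, else the
 * larger of 60 * 60 and the fetched response's cache TTL divided by 1000.
 */
protected static void SetResponseHeaders(HttpRequestWrapper request, HttpResponse response, sResponse results)
{
    int refreshInterval;
    if (results.isStrictNoCache())
    {
        refreshInterval = 0;
    }
    else if (request.getParameter(REFRESH_PARAM) != null)
    {
        // TryParse leaves refreshInterval at 0 when the value is not an integer.
        // NOTE(review): a negative value supplied by the client is passed on
        // unchanged; confirm HttpUtil.SetCachingHeaders handles it.
        int.TryParse(request.getParameter(REFRESH_PARAM), out refreshInterval);
    }
    else
    {
        refreshInterval = Math.Max(60 * 60, (int)(results.getCacheTtl() / 1000L));
    }
    HttpUtil.SetCachingHeaders(response, refreshInterval);

    // We're skipping the content disposition header for flash due to an issue with Flash player 10
    // This does make some sites a higher value phishing target, but this can be mitigated by
    // additional referer checks.
    //
    // A response without a Content-Type header is treated as non-Flash, so it
    // still gets the attachment disposition instead of failing on a null
    // header value (presumably getHeader returns null for an absent header;
    // confirm against sResponse). The comparison is ordinal so the server's
    // culture cannot change the outcome.
    String contentType = results.getHeader("Content-Type");
    bool isFlash = contentType != null
        && contentType.Equals("application/x-shockwave-flash", StringComparison.OrdinalIgnoreCase);
    if (!isFlash)
    {
        response.AddHeader("Content-Disposition", "attachment;filename=p.txt");
    }
}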
/**
 * Runs the fetched XML through a FeedProcessor and returns its string form.
 *
 * The summaries flag defaults to "false" and the entry count to
 * DEFAULT_NUM_ENTRIES when the client did not send them. Boolean.Parse and
 * int.Parse throw on malformed values; nothing here catches that.
 */
private String processFeed(String url, HttpRequestWrapper req, String xml)
{
    String summariesFlag = GetParameter(req, GET_SUMMARIES_PARAM, "false");
    bool getSummaries = Boolean.Parse(summariesFlag);

    String entryLimit = GetParameter(req, NUM_ENTRIES_PARAM, DEFAULT_NUM_ENTRIES);
    int numEntries = int.Parse(entryLimit);

    FeedProcessor processor = new FeedProcessor();
    return processor.process(url, xml, getSummaries, numEntries).ToString();
}
/**
 * Resolves the container name for a request: the container parameter when
 * present, otherwise the synd parameter, otherwise
 * ContainerConfig.DEFAULT_CONTAINER.
 */
protected String getContainer(HttpRequestWrapper request)
{
    String explicitContainer = GetParameter(request, CONTAINER_PARAM, null);
    if (explicitContainer != null)
    {
        return explicitContainer;
    }
    return GetParameter(request, SYND_PARAM, ContainerConfig.DEFAULT_CONTAINER);
}
/**
 * Wraps a fetched response in a JSON object keyed by the URL the client
 * asked for. Feed content is run through processFeed first, and an updated
 * security token, when the token supplies one, is added under "st".
 *
 * Returns an empty string when JSON construction fails. Only JsonException
 * is caught; any other exception propagates to the caller.
 */
private String convertResponseToJson(ISecurityToken authToken, HttpRequestWrapper request, sResponse results)
{
    try
    {
        String requestedUrl = request.getParameter(URL_PARAM);
        String payload = results.responseString;

        bool wantsFeed = "FEED".Equals(request.getParameter(CONTENT_TYPE_PARAM));
        if (wantsFeed)
        {
            payload = processFeed(requestedUrl, request, payload);
        }

        JsonObject entry = FetchResponseUtils.getResponseAsJson(results, payload);

        String refreshedToken = authToken == null ? null : authToken.getUpdatedToken();
        if (refreshedToken != null)
        {
            entry.Put("st", refreshedToken);
        }

        // The key is the raw parameter value, because the URL may still need decoding.
        return new JsonObject().Put(requestedUrl, entry).ToString();
    }
    catch (JsonException)
    {
        return "";
    }
}
/**
 * Reports whether the client asked to bypass the cache: true when the
 * ignore-cache parameter is present with any value other than "0".
 */
private bool getIgnoreCache(HttpRequestWrapper request)
{
    String flag = request.getParameter(IGNORE_CACHE_PARAM);
    return flag != null && !flag.Equals("0");
}
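/**
 * Fetches the requested URL and relays status, headers and body to the
 * client.
 *
 * A request carrying If-Modified-Since returns before any remote fetch;
 * unless it is a concat request, it is answered with 304. A request whose
 * Host header is not accepted by the locked-domain service is dropped.
 */
public override void Fetch(HttpRequestWrapper request, HttpResponseWrapper response)
{
    if (request.getHeaders("If-Modified-Since") != null)
    {
        if (!request.isConcat)
        {
            response.setStatus((int)HttpStatusCode.NotModified);
        }
        return;
    }

    String host = request.getHeaders("Host");
    if (!lockedDomainService.isSafeForOpenProxy(host))
    {
        // Force embedded images and the like to their own domain to avoid XSS
        // in gadget domains.
        // NOTE(review): the request ends here with no status, body or log
        // entry; consider an explicit error status and a log line so that
        // rejected hosts are visible to operators.
        return;
    }

    sRequest rcr = buildHttpRequest(request);
    sResponse results = fetcher.fetch(rcr);
    if (contentRewriterRegistry != null)
    {
        results = contentRewriterRegistry.rewriteHttpResponse(rcr, results);
    }

    if (!request.isConcat)
    {
        SetResponseHeaders(request, response.getResponse(), results);
        for (int i = 0; i < results.getHeaders().Count; i++)
        {
            String name = results.getHeaders().GetKey(i);
            // Lower-case with the invariant culture: a culture-sensitive
            // ToLower() can map 'I' to a dotless i under some server locales,
            // which would let an upper-case header name slip past the list.
            // Presumably the list holds lower-case names; confirm at its definition.
            if (!DISALLOWED_RESPONSE_HEADERS.Contains(name.ToLowerInvariant()))
            {
                foreach (String value in results.getHeaders().GetValues(i))
                {
                    response.AddHeader(name, value);
                }
            }
        }
    }

    // NOTE(review): the response Content-Type is taken verbatim from the
    // rewriteMime request parameter, so the caller chooses the type the
    // browser sees; consider restricting it to an allow-list.
    if (request.getParameter("rewriteMime") != null)
    {
        response.setContentType(request.getParameter("rewriteMime"));
    }

    // The remote status is relayed as-is; the original OK / non-OK branches
    // both set exactly this value.
    response.setStatus((int)results.getHttpStatusCode());
    response.Write(results.responseBytes);
}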
/**
 * Builds the outbound request described by the client's parameters:
 * validated URL, method (default "GET"), post body, container, extra
 * headers, cache bypass, gadget, forced rewrite MIME type and auth settings.
 * @throws GadgetException when a header entry is not a single name=value pair
 */
private sRequest buildHttpRequest(HttpRequestWrapper request)
{
    Uri target = ValidateUrl(request.getParameter(URL_PARAM));

    sRequest req = new sRequest(target)
        .setMethod(GetParameter(request, METHOD_PARAM, "GET"))
        .setPostBody(request.getRequest().ContentEncoding.GetBytes(GetParameter(request, POST_DATA_PARAM, "")))
        .setContainer(getContainer(request));

    // Extra headers arrive as '&'-separated name=value pairs, each part URL-encoded.
    String rawHeaders = GetParameter(request, HEADERS_PARAM, "");
    if (rawHeaders.Length > 0)
    {
        foreach (String pair in rawHeaders.Split('&'))
        {
            String[] nameAndValue = pair.Split('=');
            if (nameAndValue.Length != 2)
            {
                throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
                    "Malformed header specified,");
            }
            req.addHeader(HttpUtility.UrlDecode(nameAndValue[0]), HttpUtility.UrlDecode(nameAndValue[1]));
        }
    }

    // NOTE(review): header filtering is switched off here, so every
    // client-supplied pair is added to the outbound request as decoded.
    // Confirm that unsafe headers are filtered elsewhere before the fetch.
    //removeUnsafeHeaders(req);

    req.setIgnoreCache("1".Equals(request.getParameter(NOCACHE_PARAM)));

    String gadget = request.getParameter(GADGET_PARAM);
    if (gadget != null)
    {
        req.Gadget = Uri.parse(gadget);
    }

    // Let the rewriter use an externally forced MIME type. This allows proper
    // rewriting of <script src="x"/> where x is returned with a content type
    // like text/html, which unfortunately happens all too often.
    req.setRewriteMimeType(request.getParameter(REWRITE_MIME_TYPE_PARAM));

    // Work out whether authentication is required.
    AuthType auth = AuthType.Parse(GetParameter(request, AUTHZ_PARAM, null));
    req.AuthType = auth;
    if (auth == AuthType.NONE)
    {
        return req;
    }

    req.setSecurityToken(extractAndValidateToken(request.getContext()));
    req.setOAuthArguments(new OAuthArguments(auth, request.getRequest()));
    return req;
}
/**
 * Executes the client's request through the request pipeline and writes
 * the result back as UTF-8 JSON with status 200, prefixed with
 * UNPARSEABLE_CRUFT.
 */
public override void Fetch(HttpRequestWrapper request, HttpResponseWrapper response)
{
    sRequest outbound = buildHttpRequest(request);

    // Run the outbound request.
    sResponse fetched = requestPipeline.execute(outbound);

    // Give the registered rewriters a chance to alter the result.
    if (contentRewriterRegistry != null)
    {
        fetched = contentRewriterRegistry.rewriteHttpResponse(outbound, fetched);
    }

    // Serialize the response.
    String json = convertResponseToJson(outbound.getSecurityToken(), request, fetched);

    // Find and set the refresh interval.
    SetResponseHeaders(request, response.getResponse(), fetched);

    response.setStatus((int)HttpStatusCode.OK);
    response.setContentType("application/json");
    response.getResponse().ContentEncoding = Encoding.UTF8;

    // The prefix goes in front of the JSON text. Its value is defined
    // elsewhere; presumably it stops the body from being evaluated as a
    // script include (confirm at the constant's definition).
    byte[] payload = Encoding.UTF8.GetBytes(UNPARSEABLE_CRUFT + json);
    response.Write(payload);
}
/**
 * Runs the fetched XML through a FeedProcessor and returns its string form.
 *
 * The summaries flag defaults to "false" and the entry count to
 * DEFAULT_NUM_ENTRIES when the client did not send them. Boolean.Parse and
 * int.Parse throw on malformed values; nothing here catches that.
 */
private String processFeed(String url, HttpRequestWrapper req, String xml)
{
    String summariesFlag = GetParameter(req, GET_SUMMARIES_PARAM, "false");
    bool getSummaries = Boolean.Parse(summariesFlag);

    String entryLimit = GetParameter(req, NUM_ENTRIES_PARAM, DEFAULT_NUM_ENTRIES);
    int numEntries = int.Parse(entryLimit);

    FeedProcessor processor = new FeedProcessor();
    return processor.process(url, xml, getSummaries, numEntries).ToString();
}
/**
 * Builds the outbound request from the client's parameters: validated URL,
 * container, gadget, forced rewrite MIME type, cache bypass and an optional
 * cache TTL taken from the refresh parameter.
 */
private sRequest buildHttpRequest(HttpRequestWrapper request)
{
    Uri target = ValidateUrl(request.getParameter(URL_PARAM));
    sRequest req = new sRequest(target);
    req.Container = getContainer(request);

    String gadget = request.getParameter(GADGET_PARAM);
    if (gadget != null)
    {
        req.setGadget(Uri.parse(gadget));
    }

    // Let the rewriter use an externally forced MIME type. This allows proper
    // rewriting of <script src="x"/> where x is returned with a content type
    // like text/html, which unfortunately happens all too often.
    req.RewriteMimeType = request.getParameter(REWRITE_MIME_TYPE_PARAM);

    req.setIgnoreCache(getIgnoreCache(request));

    // When the request carries a refresh param, force the min TTL of the
    // cached entry regardless of the headers the original source returns.
    String refresh = request.getParameter(REFRESH_PARAM);
    if (refresh != null)
    {
        // TryParse leaves ttl at 0 when the value is not an integer.
        int ttl;
        int.TryParse(refresh, out ttl);
        req.CacheTtl = ttl;
    }
    return req;
}
/**
 * Reads a request parameter, returning defaultValue when the parameter is
 * absent (null).
 */
protected static String GetParameter(HttpRequestWrapper request, String name, String defaultValue)
{
    String supplied = request.getParameter(name);
    if (supplied == null)
    {
        return defaultValue;
    }
    return supplied;
}
/**
 * Resolves the container name for a request: the container parameter when
 * present, otherwise the synd parameter, otherwise
 * ContainerConfig.DEFAULT_CONTAINER.
 */
protected String getContainer(HttpRequestWrapper request)
{
    String explicitContainer = GetParameter(request, CONTAINER_PARAM, null);
    if (explicitContainer != null)
    {
        return explicitContainer;
    }
    return GetParameter(request, SYND_PARAM, ContainerConfig.DEFAULT_CONTAINER);
}
/**
 * Processes the given request. Concrete handlers provide the implementation.
 */
public abstract void Fetch(HttpRequestWrapper request, HttpResponseWrapper response);
/**
 * Builds the outbound request described by the client's parameters:
 * validated URL, method (default "GET"), post body, container, extra
 * headers, cache bypass, gadget, forced rewrite MIME type and auth settings.
 * @throws GadgetException when a header entry is not a single name=value pair
 */
private sRequest buildHttpRequest(HttpRequestWrapper request)
{
    Uri target = ValidateUrl(request.getParameter(URL_PARAM));

    sRequest req = new sRequest(target)
        .setMethod(GetParameter(request, METHOD_PARAM, "GET"))
        .setPostBody(request.getRequest().ContentEncoding.GetBytes(GetParameter(request, POST_DATA_PARAM, "")))
        .setContainer(getContainer(request));

    // Extra headers arrive as '&'-separated name=value pairs, each part URL-encoded.
    String rawHeaders = GetParameter(request, HEADERS_PARAM, "");
    if (rawHeaders.Length > 0)
    {
        foreach (String pair in rawHeaders.Split('&'))
        {
            String[] nameAndValue = pair.Split('=');
            if (nameAndValue.Length != 2)
            {
                throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
                    "Malformed header specified,");
            }
            req.addHeader(HttpUtility.UrlDecode(nameAndValue[0]), HttpUtility.UrlDecode(nameAndValue[1]));
        }
    }

    // NOTE(review): header filtering is switched off here, so every
    // client-supplied pair is added to the outbound request as decoded.
    // Confirm that unsafe headers are filtered elsewhere before the fetch.
    //removeUnsafeHeaders(req);

    req.setIgnoreCache("1".Equals(request.getParameter(NOCACHE_PARAM)));

    String gadget = request.getParameter(GADGET_PARAM);
    if (gadget != null)
    {
        req.Gadget = Uri.parse(gadget);
    }

    // Let the rewriter use an externally forced MIME type. This allows proper
    // rewriting of <script src="x"/> where x is returned with a content type
    // like text/html, which unfortunately happens all too often.
    req.setRewriteMimeType(request.getParameter(REWRITE_MIME_TYPE_PARAM));

    // Work out whether authentication is required.
    AuthType auth = AuthType.Parse(GetParameter(request, AUTHZ_PARAM, null));
    req.AuthType = auth;
    if (auth == AuthType.NONE)
    {
        return req;
    }

    req.setSecurityToken(extractAndValidateToken(request.getContext()));
    req.setOAuthArguments(new OAuthArguments(auth, request.getRequest()));
    return req;
}
/**
 * Wraps a fetched response in a JSON object keyed by the URL the client
 * asked for. Feed content is run through processFeed first, and an updated
 * security token, when the token supplies one, is added under "st".
 *
 * Returns an empty string when JSON construction fails. Only JsonException
 * is caught; any other exception propagates to the caller.
 */
private String convertResponseToJson(ISecurityToken authToken, HttpRequestWrapper request, sResponse results)
{
    try
    {
        String requestedUrl = request.getParameter(URL_PARAM);
        String payload = results.responseString;

        bool wantsFeed = "FEED".Equals(request.getParameter(CONTENT_TYPE_PARAM));
        if (wantsFeed)
        {
            payload = processFeed(requestedUrl, request, payload);
        }

        JsonObject entry = FetchResponseUtils.getResponseAsJson(results, payload);

        String refreshedToken = authToken == null ? null : authToken.getUpdatedToken();
        if (refreshedToken != null)
        {
            entry.Put("st", refreshedToken);
        }

        // The key is the raw parameter value, because the URL may still need decoding.
        return new JsonObject().Put(requestedUrl, entry).ToString();
    }
    catch (JsonException)
    {
        return "";
    }
}
/**
 * Reads a request parameter, returning defaultValue when the parameter is
 * absent (null).
 */
protected static String GetParameter(HttpRequestWrapper request, String name, String defaultValue)
{
    String supplied = request.getParameter(name);
    if (supplied == null)
    {
        return defaultValue;
    }
    return supplied;
}