Only send HSTS header when both SSL and FProxy SSL are enabled
torusrxxx committed Nov 30, 2024
1 parent e68332a commit c9f2803
Showing 1 changed file with 15 additions and 9 deletions.
24 changes: 15 additions & 9 deletions src/freenet/clients/http/ToadletContextImpl.java
Expand Up @@ -204,9 +204,8 @@ public void sendReplyHeadersStatic(int replyCode, String replyDescription, Multi

@Override
public void sendReplyHeadersFProxy(int replyCode, String replyDescription, MultiValueTable<String,String> mvt, String mimeType, long contentLength) throws ToadletContextClosedException, IOException {
boolean enableJavascript = false;
if(container.isFProxyWebPushingEnabled() && container.isFProxyJavascriptEnabled())
enableJavascript = true;
boolean enableJavascript;
enableJavascript = container.isFProxyWebPushingEnabled() && container.isFProxyJavascriptEnabled();
sendReplyHeaders(replyCode, replyDescription, mvt, mimeType, contentLength, null, false, true, enableJavascript);
}

Expand All @@ -216,12 +215,11 @@ private void sendReplyHeaders(int replyCode, String replyDescription, MultiValue
throw new IllegalStateException("Already sent headers!", firstReplySendingException);
}
firstReplySendingException = new Exception();

if(replyCookies != null) {
if (mvt == null) {
mvt = new MultiValueTable<String,String>();
}


if (mvt == null) {
mvt = new MultiValueTable<String,String>();
}
if (replyCookies != null) {
// We do NOT use "set-cookie2" even though we should according though RFC2965 - Firefox 3.0.14 ignores it for me!

for(Cookie cookie : replyCookies) {
Expand All @@ -231,6 +229,14 @@ private void sendReplyHeaders(int replyCode, String replyDescription, MultiValue
Logger.minor(this, "set-cookie: " + cookieHeader);
}
}

if (container.isSSL()) {
String HSTS = SSL.getHSTSHeader();
if (!HSTS.isEmpty() && !mvt.containsKey("strict-transport-security")) {
// SSL enabled, set strict-transport-security so that the user agent upgrade future requests to SSL.
mvt.put("strict-transport-security", HSTS);
}
}
sendReplyHeaders(sockOutputStream, replyCode, replyDescription, mvt, mimeType, contentLength, mTime, shouldDisconnect, enableJavascript, allowFrames);
}
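Review bot: The duplicate-header guard `!mvt.containsKey("strict-transport-security")` in the new `container.isSSL()` block matches only the exact lower-case spelling. If MultiValueTable compares keys case-sensitively (its implementation is not visible here), a caller that supplied `Strict-Transport-Security` would end up with two HSTS headers, and a user agent processes only the first one it receives. Either state the convention in a comment, e.g. `// header names in mvt are always lower-case`, or normalise the key before the lookup. `SSL.getHSTSHeader()` is also dereferenced without a null check; if it can return null when SSL is not configured, `HSTS.isEmpty()` would throw after `firstReplySendingException` has already been set, so `if (hsts != null && !hsts.isEmpty() && ...)` with the local renamed to lowerCamelCase `hsts` would be safer. The body of sendReplyHeaders begins outside the visible hunks.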
