zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Console: Add Referrer-Policy header

Browse Source
This commit is contained in:
zzz
2016-12-23 12:35:41 +00:00
parent ffcd2d4517
commit f902a63144
15 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
View File

@@ -388,6 +388,7 @@ public class I2PSnarkServlet extends BasicServlet {
resp.setHeader("X-Frame-Options", "SAMEORIGIN"); resp.setHeader("X-Frame-Options", "SAMEORIGIN");
resp.setHeader("X-XSS-Protection", "1; mode=block"); resp.setHeader("X-XSS-Protection", "1; mode=block");
resp.setHeader("X-Content-Type-Options", "nosniff"); resp.setHeader("X-Content-Type-Options", "nosniff");
resp.setHeader("Referrer-Policy", "no-referrer");
} }
private void writeMessages(PrintWriter out, boolean isConfigure, String peerString) throws IOException { private void writeMessages(PrintWriter out, boolean isConfigure, String peerString) throws IOException {

1
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/localServer/LocalHTTPServer.java
View File

@@ -196,6 +196,7 @@ public abstract class LocalHTTPServer {
tbook = book; tbook = book;
out.write(("HTTP/1.1 200 OK\r\n"+ out.write(("HTTP/1.1 200 OK\r\n"+
"Content-Type: text/html; charset=UTF-8\r\n"+ "Content-Type: text/html; charset=UTF-8\r\n"+
"Referrer-Policy: no-referrer\r\n"+
"Connection: close\r\n"+ "Connection: close\r\n"+
"Proxy-Connection: close\r\n"+ "Proxy-Connection: close\r\n"+
"\r\n"+ "\r\n"+

1
apps/i2ptunnel/jsp/edit.jsp
View File

@@ -6,6 +6,7 @@
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'"); response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
%><%@page pageEncoding="UTF-8" %><%@page pageEncoding="UTF-8"
%><%@page trimDirectiveWhitespaces="true" %><%@page trimDirectiveWhitespaces="true"

1
apps/i2ptunnel/jsp/index.jsp
View File

@@ -9,6 +9,7 @@
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'"); response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
%><%@page pageEncoding="UTF-8" %><%@page pageEncoding="UTF-8"
%><%@page trimDirectiveWhitespaces="true" %><%@page trimDirectiveWhitespaces="true"

1
apps/i2ptunnel/jsp/wizard.jsp
View File

@@ -9,6 +9,7 @@
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'"); response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
%><%@page pageEncoding="UTF-8" %><%@page pageEncoding="UTF-8"
%><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.EditBean" %><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.EditBean"

4
apps/routerconsole/jsp/css.jsi
View File

@@ -36,6 +36,10 @@
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
} }
// https://www.w3.org/TR/referrer-policy/
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
// As of Chrome 56, Firefox 50, Opera 43. "same-origin" not widely supported.
response.setHeader("Referrer-Policy", "no-referrer");
String conNonceParam = request.getParameter("consoleNonce"); String conNonceParam = request.getParameter("consoleNonce");
if (net.i2p.router.web.CSSHelper.getNonce().equals(conNonceParam)) { if (net.i2p.router.web.CSSHelper.getNonce().equals(conNonceParam)) {

1
apps/susidns/src/jsp/addressbook.jsp
View File

@@ -31,6 +31,7 @@
response.setHeader("Content-Security-Policy", "default-src 'self'"); response.setHeader("Content-Security-Policy", "default-src 'self'");
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
%> %>
<%@page pageEncoding="UTF-8"%> <%@page pageEncoding="UTF-8"%>

1
apps/susidns/src/jsp/config.jsp
View File

@@ -31,6 +31,7 @@
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'"); response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
%> %>
<%@page pageEncoding="UTF-8"%> <%@page pageEncoding="UTF-8"%>

1
apps/susidns/src/jsp/details.jsp
View File

@@ -28,6 +28,7 @@
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'"); response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
%> %>
<%@page pageEncoding="UTF-8"%> <%@page pageEncoding="UTF-8"%>

1
apps/susidns/src/jsp/index.jsp
View File

@@ -31,6 +31,7 @@
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'"); response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
%> %>
<%@page pageEncoding="UTF-8"%> <%@page pageEncoding="UTF-8"%>

1
apps/susidns/src/jsp/subscriptions.jsp
View File

@@ -31,6 +31,7 @@
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'"); response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
%> %>
<%@page pageEncoding="UTF-8"%> <%@page pageEncoding="UTF-8"%>

1
apps/susimail/src/src/i2p/susi/webmail/WebMail.java
View File

@@ -1637,6 +1637,7 @@ public class WebMail extends HttpServlet
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'"); response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
RequestWrapper request = new RequestWrapper( httpRequest ); RequestWrapper request = new RequestWrapper( httpRequest );
SessionObject sessionObject = null; SessionObject sessionObject = null;

1
installer/resources/proxy/ahelper-conflict-header.ht
View File

@@ -1,5 +1,6 @@
HTTP/1.1 409 Conflict HTTP/1.1 409 Conflict
Content-Type: text/html; charset=UTF-8 Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Cache-control: no-cache Cache-control: no-cache
Connection: close Connection: close
Proxy-Connection: close Proxy-Connection: close

1
installer/resources/proxy/ahelper-new-header.ht
View File

@@ -1,5 +1,6 @@
HTTP/1.1 409 New Address HTTP/1.1 409 New Address
Content-Type: text/html; charset=UTF-8 Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Cache-control: no-cache Cache-control: no-cache
Connection: close Connection: close
Proxy-Connection: close Proxy-Connection: close

1
installer/resources/proxy/dnfh-header.ht
View File

@@ -1,5 +1,6 @@
HTTP/1.1 500 Domain Not Found HTTP/1.1 500 Domain Not Found
Content-Type: text/html; charset=UTF-8 Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Cache-control: no-cache Cache-control: no-cache
Connection: close Connection: close
Proxy-Connection: close Proxy-Connection: close