[UPDATE-CONFIG] Use 3 hosts www, secure and static.

[gigi.git] / src / org / cacert / gigi / Gigi.java
diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java

index 574e9f0a62dd7c5114d66269d194859ab181cbcf..fa259c96c77cbf99835c8df72e374c863935bd3e 100644 (file)
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -22,10 +22,13 @@ import org.cacert.gigi.pages.MainPage;
  import org.cacert.gigi.pages.Page;
  import org.cacert.gigi.pages.TestSecure;
  import org.cacert.gigi.pages.Verify;
+import org.cacert.gigi.pages.account.MailAdd;
  import org.cacert.gigi.pages.account.MailCertificates;
+import org.cacert.gigi.pages.account.MailOverview;
  import org.cacert.gigi.pages.account.MyDetails;
  import org.cacert.gigi.pages.main.RegisterPage;
  import org.cacert.gigi.pages.wot.AssurePage;
+import org.cacert.gigi.util.ServerConstants;
  import org.eclipse.jetty.util.log.Log;
  
  public class Gigi extends HttpServlet {
@@ -45,16 +48,19 @@ public class Gigi extends HttpServlet {
                 pages.put("/", new MainPage("CACert - Home"));
                 pages.put("/secure", new TestSecure());
                 pages.put(Verify.PATH, new Verify());
-               pages.put(AssurePage.PATH, new AssurePage());
+               pages.put(AssurePage.PATH + "/*", new AssurePage());
                 pages.put(MailCertificates.PATH, new MailCertificates());
                 pages.put(MyDetails.PATH, new MyDetails());
                 pages.put(RegisterPage.PATH, new RegisterPage());
+               pages.put(MailOverview.DEFAULT_PATH, new MailOverview(
+                               "My email addresses"));
+               pages.put(MailAdd.DEFAULT_PATH, new MailAdd("Add new email"));
                 String templ = "";
                 try (BufferedReader reader = new BufferedReader(new InputStreamReader(
                                 new FileInputStream(new File("templates/base.html"))))) {
                         String tmp;
                         while ((tmp = reader.readLine()) != null) {
-                               templ += tmp;
+                               templ += tmp + "\n";
                         }
                         baseTemplate = templ.split("\\$content\\$");
                 } catch (Exception e) {
@@ -66,6 +72,11 @@ public class Gigi extends HttpServlet {
         @Override
         protected void service(HttpServletRequest req, HttpServletResponse resp)
                         throws ServletException, IOException {
+               addXSSHeaders(resp);
+               if (req.getHeader("Origin") != null) {
+                       resp.getWriter().println("No cross domain access allowed.");
+                       return;
+               }
                 HttpSession hs = req.getSession();
                 if (req.getPathInfo() != null && req.getPathInfo().equals("/logout")) {
                         if (hs != null) {
@@ -108,7 +119,9 @@ public class Gigi extends HttpServlet {
  
         }
         private Page getPage(String pathInfo) {
-
+               if (pathInfo.endsWith("/") && !pathInfo.equals("/")) {
+                       pathInfo = pathInfo.substring(0, pathInfo.length() - 1);
+               }
                 Page page = pages.get(pathInfo);
                 if (page != null) {
                         return page;
@@ -133,5 +146,14 @@ public class Gigi extends HttpServlet {
                 in = in.replaceAll("\\$year\\$", year + "");
                 return in;
         }
+       public static void addXSSHeaders(HttpServletResponse hsr) {
+               hsr.addHeader("Access-Control-Allow-Origin",
+                               "http://cacert.org https://localhost");
+               hsr.addHeader("Access-Control-Max-Age", "60");
+               hsr.addHeader("Content-Security-Policy", "default-src 'self' https://"
+                               + ServerConstants.getStaticHostNamePort()
+                               + " https://www.cacert.org/*;frame-ancestors 'none'");
+               // ;report-uri https://felix.dogcraft.de/report.php
  
+       }
  }