From: Felix Dörre
Date: Thu, 3 Jul 2014 20:18:36 +0000 (+0200)
Subject: Output CSP-reports.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=3ce408bed993f18cd0a17d8a65932dd4f1a5b111
Output CSP-reports.
---
diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index b6aa90eb..22364cb0 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -149,10 +149,14 @@ public class Gigi extends HttpServlet {
 hsr.addHeader("Access-Control-Allow-Origin", "http://cacert.org https://localhost");
 hsr.addHeader("Access-Control-Max-Age", "60");
- hsr.addHeader("Content-Security-Policy", "default-src 'self' https://"
+ hsr.addHeader("Content-Security-Policy", "default-src 'self' "//
+ + "https://"
 + ServerConstants.getStaticHostNamePort()
- + ";frame-ancestors 'none'");
- // ;report-uri https://felix.dogcraft.de/report.php
+ + ";"
+ + "frame-ancestors 'none';"//
+ + "report-uri https://"
+ + ServerConstants.getApiHostNamePort()
+ + "/security/csp/report");
 }
 }
diff --git a/src/org/cacert/gigi/api/GigiAPI.java b/src/org/cacert/gigi/api/GigiAPI.java
index 74cff967..88c8da81 100644
--- a/src/org/cacert/gigi/api/GigiAPI.java
+++ b/src/org/cacert/gigi/api/GigiAPI.java
@@ -1,8 +1,10 @@
 package org.cacert.gigi.api;
 import java.io.IOException;
+import java.io.InputStreamReader;
 import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -15,5 +17,16 @@ public class GigiAPI extends HttpServlet {
 if (pi == null) {
 return;
 }
+ if (pi.equals("/security/csp/report")) {
+ ServletInputStream sis = req.getInputStream();
+ InputStreamReader isr = new InputStreamReader(sis, "UTF-8");
+ StringBuffer strB = new StringBuffer();
+ char[] buffer = new char[4 * 1024];
+ int len;
+ while ((len = isr.read(buffer)) > 0) {
+ strB.append(buffer, 0, len);
+ }
+ System.out.println(strB);
+ }
 }
 }
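Review bot: The report path `"/security/csp/report"` is written as a literal in the new `report-uri` directive and again in the `pi.equals(...)` check added to GigiAPI.java, so changing one side would leave browsers posting reports to a path nothing handles, with no visible error. A shared constant referenced from both files would keep the policy and its handler in step. The bare `//` markers ending two of the concatenated lines also deserve a one-line comment stating their purpose (presumably pinning the line breaks against an auto-formatter), since the policy string is security-relevant and should be easy to audit. The enclosing method starts outside the hunk.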
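Review bot: The new `/security/csp/report` branch reads the whole request body into a `StringBuffer` with no size limit and prints it verbatim with `System.out.println(strB)`, so any client that can reach the endpoint can make the servlet buffer an arbitrarily large body and write raw line breaks and control characters into the server's stdout log. Cap the number of characters read and replace control characters before printing, as sketched below; the 16 KiB limit is an illustrative value, and `StringBuilder` suffices because the buffer is a local variable. The branch also checks neither the request method nor the `Content-Type`, though the enclosing method's signature lies outside the hunk, so which HTTP methods reach it cannot be confirmed from here.

```java
if (pi.equals("/security/csp/report")) {
    // … unchanged: sis / isr setup …
    // The report body is untrusted input: bound what is buffered and
    // strip control characters so a report cannot forge log lines.
    final int maxReportChars = 16 * 1024; // illustrative limit
    StringBuilder report = new StringBuilder();
    char[] buffer = new char[4 * 1024];
    int len;
    while (report.length() < maxReportChars && (len = isr.read(buffer)) > 0) {
        report.append(buffer, 0, Math.min(len, maxReportChars - report.length()));
    }
    System.out.println("CSP report: " + report.toString().replaceAll("\\p{Cntrl}", " "));
}
```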