From 45c3f51456e7368a9cde5e32a2248f892a44f063 Mon Sep 17 00:00:00 2001
From: Janis Streib
Date: Mon, 8 Sep 2014 20:20:49 +0200
Subject: [PATCH] FIX: Content types
---
 src/org/cacert/gigi/Gigi.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index a65d5c94..9908a1c6 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -178,7 +178,6 @@ public class Gigi extends HttpServlet {
 protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
 boolean isSecure = req.getServerPort() == ServerConstants.getSecurePort();
 addXSSHeaders(resp, isSecure);
- resp.setContentType("text/html; charset=utf-8");
 // Firefox only sends this, if it's a cross domain access; safari sends
 // it always
 String originHeader = req.getHeader("Origin");
@@ -187,8 +186,8 @@ public class Gigi extends HttpServlet {
 !(originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getWwwHostNamePortSecure()) + "(/.*|)") || //
 originHeader.matches("^" + Pattern.quote("http://" + ServerConstants.getWwwHostNamePort()) + "(/.*|)") || //
 originHeader.matches("^" + Pattern.quote("https://" + ServerConstants.getSecureHostNamePort()) + "(/.*|)"))) {
+ resp.setContentType("text/html; charset=utf-8");
 resp.getWriter().println("AlertNo cross domain access allowed.
If you don't know why you're seeing this you may have been fished! Please change your password immediately!");
- System.out.println(originHeader);
 return;
 }
 HttpSession hs = req.getSession();
@@ -247,6 +246,7 @@ public class Gigi extends HttpServlet {
 vars.put("static", getStaticTemplateVar(isSecure));
 vars.put("year", Calendar.getInstance().get(Calendar.YEAR));
 vars.put("content", content);
+ resp.setContentType("text/html; charset=utf-8");
 baseTemplate.output(resp.getWriter(), Page.getLanguage(req), vars);
 } else {
 resp.sendError(404, "Page not found.");
-- 
2.39.2
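Review bot: The cross-origin rejection branch in the second hunk now sets a content type but, from the visible lines, still answers with the default 200 status, so access logs and monitoring cannot tell a refused request from a normal page. Adding `resp.setStatus(HttpServletResponse.SC_FORBIDDEN);` before the `println` would make the refusal explicit. The commit also removes `System.out.println(originHeader)` without a replacement, which drops the only visible record of which origin was refused. If that record is wanted for detection, write it through the application's logger with CR/LF stripped from the header value rather than printing it raw. service() begins and continues outside this hunk.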
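Review bot: Setting the content type this late in the third hunk only takes effect if nothing earlier in service() has already obtained the writer. Under the Servlet API the charset given to `setContentType` is ignored once `getWriter()` has been called, and a writer opened without a charset falls back to ISO-8859-1. The code between the Origin check and this call is outside the hunk, so it is worth confirming that no path there writes to `resp` first, and that every other path that emits a body sets its own type now that the call at the top of the method is gone. A comment above the new line such as `// must run before the first getWriter() call, otherwise the charset is ignored` would record the constraint.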