From f450cde1eeef6e04ee7cb3149fa0954fb0653215 Mon Sep 17 00:00:00 2001 From: =?utf8?q?S=C3=A9bastien=20Marie?= Date: Mon, 27 Oct 2014 17:13:53 +0100 Subject: [PATCH] content-security-policy: add RequestQueued - add a new autocmd entry: RequestQueued that take place in request-queued signal (SoupSession). - change contentsecuritypolicy_request_queued_cb to session_request_queued_cb to be more generic - append Content-Security-Policy header (instead of remove/replace) - in DEBUG, abort() if any server headers are setted in request-queued --- src/autocmd.c | 1 + src/autocmd.h | 1 + src/main.c | 30 +++++++++++++++++++++--------- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/src/autocmd.c b/src/autocmd.c index 4ac3569..87054eb 100644 --- a/src/autocmd.c +++ b/src/autocmd.c @@ -49,6 +49,7 @@ static struct { {"DownloadStart", 0x0020}, {"DownloadFinished", 0x0040}, {"DownloadFailed", 0x0080}, + {"RequestQueued", 0x0100}, }; extern VbCore vb; diff --git a/src/autocmd.h b/src/autocmd.h index fe3bc04..605c4ba 100644 --- a/src/autocmd.h +++ b/src/autocmd.h @@ -36,6 +36,7 @@ typedef enum { AU_DOWNLOAD_START, AU_DOWNLOAD_FINISHED, AU_DOWNLOAD_FAILED, + AU_REQUEST_QUEUED, } AuEvent; void autocmd_init(void); diff --git a/src/main.c b/src/main.c index 21501d7..dbb2192 100644 --- a/src/main.c +++ b/src/main.c @@ -92,8 +92,7 @@ void vb_download_internal(WebKitWebView *view, WebKitDownload *download, const c void vb_download_external(WebKitWebView *view, WebKitDownload *download, const char *file); static void download_progress_cp(WebKitDownload *download, GParamSpec *pspec); static void read_from_stdin(void); -static void contentsecuritypolicy_request_queued_cb(SoupSession *session, SoupMessage *msg, - gpointer data); +static void session_request_queued_cb(SoupSession *session, SoupMessage *msg, gpointer data); /* functions */ #ifdef FEATURE_WGET_PROGRESS_BAR @@ -963,7 +962,7 @@ static void setup_signals() NULL ); - g_signal_connect(vb.session, "request-queued", G_CALLBACK(contentsecuritypolicy_request_queued_cb), NULL); + g_signal_connect(vb.session, "request-queued", G_CALLBACK(session_request_queued_cb), NULL); #ifdef FEATURE_NO_SCROLLBARS WebKitWebFrame *frame = webkit_web_view_get_main_frame(vb.gui.webview); @@ -1494,14 +1493,27 @@ static void read_from_stdin(void) g_free(buf); } -static void contentsecuritypolicy_request_queued_cb(SoupSession *session, SoupMessage *msg, - gpointer data) +static void session_request_queued_cb(SoupSession *session, SoupMessage *msg, gpointer data) { - if (!vb.config.contentsecuritypolicy || *vb.config.contentsecuritypolicy == '\0') { - soup_message_headers_remove(msg->response_headers, "Content-Security-Policy"); + SoupURI *suri = soup_message_get_uri(msg); + const char *uri = soup_uri_to_string(suri, false); - } else { - soup_message_headers_replace(msg->response_headers, "Content-Security-Policy", + autocmd_run(AU_REQUEST_QUEUED, uri, NULL); + +#ifdef DEBUG + SoupMessageHeadersIter iter; + const char *name, *value; + + soup_message_headers_iter_init(&iter, msg->response_headers); + while (soup_message_headers_iter_next(&iter, &name, &value)) { + PRINT_DEBUG("unexpected header> %s: %s", name, value); + abort(); + } +#endif + + /* add a fake Content-Security-Policy header in server-response header */ + if (vb.config.contentsecuritypolicy && *vb.config.contentsecuritypolicy != '\0') { + soup_message_headers_append(msg->response_headers, "Content-Security-Policy", vb.config.contentsecuritypolicy); } } -- 2.20.1