From: Daniel Carl Date: Wed, 28 May 2014 14:42:15 +0000 (+0200) Subject: Allow to toggle hsts on and off. X-Git-Url: https://git.owens.tech/assets/favicon.png/assets/favicon.png/git?a=commitdiff_plain;h=0334ce6389e94c9de3e0accd22ee7dc00bf094df;p=vimb.git Allow to toggle hsts on and off. --- diff --git a/doc/vimb.1 b/doc/vimb.1 index a12281e..9a829e3 100644 --- a/doc/vimb.1 +++ b/doc/vimb.1 @@ -756,6 +756,9 @@ Maximum number of unique items stored in search-, command or URI history. .B home-page (string) Homepage that vimb opens if started without a URI. .TP +.B hsts (bool) +Enable or disables the HSTS (HTTP Strict Transport Security) feature. +.TP .B input-bg-error (color) Background color for the inputbox if error is shown. .TP diff --git a/src/main.c b/src/main.c index 8b342a4..04920b6 100644 --- a/src/main.c +++ b/src/main.c @@ -946,16 +946,18 @@ static void session_init(void) g_object_unref(cookie); #endif #ifdef FEATURE_HSTS - HSTSProvider *hsts = hsts_provider_new(); - soup_session_add_feature(vb.session, SOUP_SESSION_FEATURE(hsts)); - g_object_unref(hsts); + /* create only the session feature - the feature is added in setting.c + * when the setting hsts=on */ + vb.config.hsts_provider = hsts_provider_new(); #endif } static void session_cleanup(void) { #ifdef FEATURE_HSTS - /* remove feature from session to make sure the feature is finalized */ + /* remove feature from session and unref the feature to make sure the + * feature is finalized */ + g_object_unref(vb.config.hsts_provider); soup_session_remove_feature_by_type(vb.session, HSTS_TYPE_PROVIDER); #endif } diff --git a/src/main.h b/src/main.h index 53219d8..3ff9030 100644 --- a/src/main.h +++ b/src/main.h @@ -33,6 +33,9 @@ #else #endif #include "config.h" +#ifdef FEATURE_HSTS +#include "hsts.h" +#endif /* size of some I/O buffer */ #define BUF_SIZE 512 @@ -310,6 +313,9 @@ typedef struct { float default_zoom; /* default zoomlevel that is applied on zz zoom reset */ gboolean fullscreen; /* indicates if full screen mode is on */ gboolean kioskmode; +#ifdef FEATURE_HSTS + HSTSProvider *hsts_provider; /* the hsts session feature that is added to soup session */ +#endif } Config; typedef struct { diff --git a/src/setting.c b/src/setting.c index deb281e..75f2c2e 100644 --- a/src/setting.c +++ b/src/setting.c @@ -24,6 +24,9 @@ #include "util.h" #include "completion.h" #include "js.h" +#ifdef FEATURE_HSTS +#include "hsts.h" +#endif static GHashTable *settings; @@ -55,6 +58,9 @@ static SettingStatus timeoutlen(const Setting *s, const SettingType type); static SettingStatus headers(const Setting *s, const SettingType type); static SettingStatus nextpattern(const Setting *s, const SettingType type); static SettingStatus fullscreen(const Setting *s, const SettingType type); +#ifdef FEATURE_HSTS +static SettingStatus hsts(const Setting *s, const SettingType type); +#endif static gboolean validate_js_regexp_list(const char *pattern); @@ -128,6 +134,9 @@ static Setting default_settings[] = { {NULL, "nextpattern", TYPE_CHAR, nextpattern, {.s = "/\\bnext\\b/i,/^(>\\|>>\\|»)$/,/^(>\\|>>\\|»)/,/(>\\|>>\\|»)$/,/\\bmore\\b/i"}}, {NULL, "previouspattern", TYPE_CHAR, nextpattern, {.s = "/\\bprev\\|previous\\b/i,/^(<\\|<<\\|«)$/,/^(<\\|<<\\|«)/,/(<\\|<<\\|«)$/"}}, {NULL, "fullscreen", TYPE_BOOLEAN, fullscreen, {.i = 0}}, +#ifdef FEATURE_HSTS + {NULL, "hsts", TYPE_BOOLEAN, hsts, {.i = 1}}, +#endif }; void setting_init(void) @@ -915,6 +924,33 @@ static SettingStatus fullscreen(const Setting *s, const SettingType type) return SETTING_OK; } +#ifdef FEATURE_HSTS +static SettingStatus hsts(const Setting *s, const SettingType type) +{ + gboolean active; + if (type == SETTING_GET) { + active = soup_session_has_feature(vb.session, HSTS_TYPE_PROVIDER); + print_value(s, &active); + + return SETTING_OK; + } + + if (type == SETTING_TOGGLE) { + active = !soup_session_has_feature(vb.session, HSTS_TYPE_PROVIDER); + print_value(s, &active); + } else { + active = (s->arg.i != 0); + } + + if (active) { + soup_session_add_feature(vb.session, SOUP_SESSION_FEATURE(vb.config.hsts_provider)); + } else { + soup_session_remove_feature(vb.session, SOUP_SESSION_FEATURE(vb.config.hsts_provider)); + } + return SETTING_OK; +} +#endif + /** * Validated syntax given list of JavaScript RegExp patterns. * If validation fails, the error is shown to the user.