/**
 * Entry point for one HTTP request.
 *
 * Stores the request and environment on the object, resets the response,
 * emits the fixed browser-hardening headers, rejects cross-site requests,
 * sets up the session and then hands the request to doProcessRequest().
 *
 * @param request the incoming request; kept in request_ for the helpers
 * @param env     the request environment; kept in env_
 * @return the response assembled by the helpers via response()
 */
Http::Response AbstractWebApplication::processRequest(const Http::Request &request, const Http::Environment &env)
{
    request_ = request;
    env_ = env;
    session_ = 0;

    // start from an empty response
    clear();

    // Browser-side hardening, set on every response regardless of outcome:
    //  - X-Frame-Options SAMEORIGIN: framing only from our own origin (clickjacking)
    //  - X-XSS-Protection: legacy reflective-XSS filter hint for older browsers
    //  - X-Content-Type-Options nosniff: no MIME sniffing of our responses
    //  - CSP: same-origin resources only; note that script-src still allows
    //    'unsafe-inline', which weakens the XSS protection the policy gives
    header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");
    header(Http::HEADER_X_XSS_PROTECTION, "1; mode=block");
    header(Http::HEADER_X_CONTENT_TYPE_OPTIONS, "nosniff");
    header(Http::HEADER_CONTENT_SECURITY_POLICY, "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none';");

    // The origin check runs before sessionInitialize(), so a cross-site
    // request is refused without any session state being read or created.
    if (isCrossSiteRequest(request_)) {
        status(401, "Unauthorized");
        return response();
    }

    sessionInitialize();
    // No session yet and no authentication required: open one now.
    const bool wantsAnonymousSession = !sessionActive() && !isAuthNeeded();
    if (wantsAnonymousSession)
        sessionStart();

    // A banned client gets a plain-text 403 and is never dispatched.
    if (isBanned()) {
        status(403, "Forbidden");
        print(QObject::tr("Your IP address has been banned after too many failed authentication attempts."), Http::CONTENT_TYPE_TXT);
        return response();
    }

    doProcessRequest();
    return response();
}
/**
 * Dispatch one request arriving on a persistent connection.
 *
 * Abort, connect and reconnect requests get their dedicated handling first
 * (mutually exclusive, checked in that order); every request, including
 * those, is then passed on to doProcessRequest().
 *
 * @param conn    the connection the request arrived on (not null-checked here;
 *                presumably guaranteed by the caller — verify)
 * @param request the request to dispatch
 *
 * NOTE(review): doProcessRequest() also runs after an abort request has
 * already triggered handleDisconnected() on conn — confirm that is intended.
 */
void Transport::processRequest(PersistentConnection *conn , Request *request)
{
    const auto logDebug = [](const char *message) {
        Log::GetInstance()->Write(message, LOGLEVEL_DEBUG);
    };

    if (isAbortRequest(request))
    {
        logDebug("Abort request");
        // _connectionId is read only after processAbortRequest(), in case
        // that call changes it.
        processAbortRequest(conn, request);
        conn->handleDisconnected(request, _connectionId.c_str());
    }
    else if (isConnectRequest(request))
    {
        logDebug("Connection request");
        processConnectRequest(conn,request);
        conn->handleConnected(request, _connectionId.c_str());
    }
    else if (isReconnectRequest(request))
    {
        logDebug("Reconnect request");
        conn->handleReconnected(request, _connectionId.c_str());
        // The reply is handed over as a NUL-terminated C string; a response
        // containing an embedded NUL byte would be cut short — presumably
        // createResponse() never produces one, verify.
        conn->writeData(conn->createResponse(request).c_str());
    }

    doProcessRequest(conn, request);
}