/*
* Safety test: only allow GET|POST dpi-urls from dpi-generated pages.
*/
int a_Capi_dpi_verify_request(BrowserWindow *bw, DilloUrl *url)
{
DilloUrl *referer;
int allow = FALSE;
/* test POST and GET */
if (dStrcasecmp(URL_SCHEME(url), "dpi") == 0 &&
URL_FLAGS(url) & (URL_Post + URL_Get)) {
/* only allow dpi requests from dpi-generated urls */
if (a_Nav_stack_size(bw)) {
referer = a_History_get_url(NAV_TOP_UIDX(bw));
if (dStrcasecmp(URL_SCHEME(referer), "dpi") == 0) {
allow = TRUE;
}
}
} else {
allow = TRUE;
}
if (!allow) {
MSG("a_Capi_dpi_verify_request: Permission Denied!\n");
MSG(" URL_STR : %s\n", URL_STR(url));
if (URL_FLAGS(url) & URL_Post) {
MSG(" URL_DATA: %s\n", dStr_printable(URL_DATA(url), 1024));
}
}
return allow;
}
/*
* Make the http query string
*/
Dstr *a_Http_make_query_str(const DilloUrl *url, const DilloUrl *requester,
bool_t use_proxy)
{
char *ptr, *cookies, *referer, *auth;
Dstr *query = dStr_new(""),
*request_uri = dStr_new(""),
*proxy_auth = dStr_new("");
if (use_proxy) {
dStr_sprintfa(request_uri, "%s%s",
URL_STR(url),
(URL_PATH_(url) || URL_QUERY_(url)) ? "" : "/");
if ((ptr = strrchr(request_uri->str, '#')))
dStr_truncate(request_uri, ptr - request_uri->str);
if (HTTP_Proxy_Auth_base64)
dStr_sprintf(proxy_auth, "Proxy-Authorization: Basic %s\r\n",
HTTP_Proxy_Auth_base64);
} else {
dStr_sprintfa(request_uri, "%s%s%s%s",
URL_PATH(url),
URL_QUERY_(url) ? "?" : "",
URL_QUERY(url),
(URL_PATH_(url) || URL_QUERY_(url)) ? "" : "/");
}
cookies = a_Cookies_get_query(url, requester);
auth = a_Auth_get_auth_str(url, request_uri->str);
referer = Http_get_referer(url);
if (URL_FLAGS(url) & URL_Post) {
Dstr *content_type = Http_make_content_type(url);
dStr_sprintfa(
query,
"POST %s HTTP/1.1\r\n"
"Connection: close\r\n"
"Accept: text/*,image/*,*/*;q=0.2\r\n"
"Accept-Charset: utf-8,*;q=0.8\r\n"
"Accept-Encoding: gzip\r\n"
"%s" /* language */
"%s" /* auth */
"Host: %s\r\n"
"%s"
"%s"
"User-Agent: %s\r\n"
"Content-Length: %ld\r\n"
"Content-Type: %s\r\n"
"%s" /* cookies */
"\r\n",
request_uri->str, HTTP_Language_hdr, auth ? auth : "",
URL_AUTHORITY(url), proxy_auth->str, referer, prefs.http_user_agent,
(long)URL_DATA(url)->len, content_type->str,
cookies);
dStr_append_l(query, URL_DATA(url)->str, URL_DATA(url)->len);
dStr_free(content_type, TRUE);
} else {
dStr_sprintfa(
query,
"GET %s HTTP/1.1\r\n"
"%s"
"Connection: close\r\n"
"Accept: text/*,image/*,*/*;q=0.2\r\n"
"Accept-Charset: utf-8,*;q=0.8\r\n"
"Accept-Encoding: gzip\r\n"
"%s" /* language */
"%s" /* auth */
"Host: %s\r\n"
"%s"
"%s"
"User-Agent: %s\r\n"
"%s" /* cookies */
"\r\n",
request_uri->str,
(URL_FLAGS(url) & URL_E2EQuery) ?
"Cache-Control: no-cache\r\nPragma: no-cache\r\n" : "",
HTTP_Language_hdr, auth ? auth : "", URL_AUTHORITY(url),
proxy_auth->str, referer, prefs.http_user_agent, cookies);
}
dFree(referer);
dFree(cookies);
dFree(auth);
dStr_free(request_uri, TRUE);
dStr_free(proxy_auth, TRUE);
_MSG("Query: {%s}\n", dStr_printable(query, 8192));
return query;
}
