/**
 * Entry point for one HTTP request.
 *
 * Resets the per-request state (session_, request_, env_ and the pending
 * response), emits the defensive response headers, refuses cross-site
 * requests with 401, sets up the session, and then either serves the
 * request through doProcessRequest() or answers 403 for a banned client.
 *
 * @param request the incoming HTTP request (copied into request_)
 * @param env     the request environment (copied into env_)
 * @return the response accumulated through header()/status()/print()
 */
Http::Response AbstractWebApplication::processRequest(const Http::Request &request, const Http::Environment &env)
{
    // Reset per-request state.
    session_ = 0;
    request_ = request;
    env_ = env;

    // Start from an empty response before any header is set.
    clear();

    // Defensive headers: anti-framing (clickjacking), legacy browser XSS
    // filter, MIME-sniffing opt-out, and a Content-Security-Policy.
    // Note the CSP still permits 'unsafe-inline' for script-src and
    // style-src, so injected inline scripts are not blocked by policy alone.
    header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");
    header(Http::HEADER_X_XSS_PROTECTION, "1; mode=block");
    header(Http::HEADER_X_CONTENT_TYPE_OPTIONS, "nosniff");
    header(Http::HEADER_CONTENT_SECURITY_POLICY, "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none';");

    // Cross-site requests are refused before any session handling takes place.
    if (isCrossSiteRequest(request_)) {
        status(401, "Unauthorized");
        return response();
    }

    sessionInitialize();

    // When authentication is not required, an anonymous session is created on demand.
    const bool startAnonymousSession = !sessionActive() && !isAuthNeeded();
    if (startAnonymousSession)
        sessionStart();

    if (!isBanned()) {
        doProcessRequest();
        return response();
    }

    // The client address is banned after repeated failed authentication:
    // answer with a plain-text explanation and no further processing.
    status(403, "Forbidden");
    print(QObject::tr("Your IP address has been banned after too many failed authentication attempts."), Http::CONTENT_TYPE_TXT);
    return response();
}
/**
 * Dispatches one request arriving on a persistent connection.
 *
 * Recognises abort, connect and reconnect requests (checked in that order),
 * logs each at debug level and notifies the connection of the matching
 * lifecycle event; a reconnect additionally writes the connection's
 * response back. Whether or not one of the three matched, the request is
 * then handed to doProcessRequest().
 *
 * @param conn    the persistent connection the request arrived on
 * @param request the request to process
 */
void Transport::processRequest(PersistentConnection *conn, Request *request)
{
    if (isAbortRequest(request)) {
        Log::GetInstance()->Write("Abort request", LOGLEVEL_DEBUG);
        processAbortRequest(conn, request);
        conn->handleDisconnected(request, _connectionId.c_str());
    }
    else if (isConnectRequest(request)) {
        Log::GetInstance()->Write("Connection request", LOGLEVEL_DEBUG);
        processConnectRequest(conn, request);
        conn->handleConnected(request, _connectionId.c_str());
    }
    else if (isReconnectRequest(request)) {
        Log::GetInstance()->Write("Reconnect request", LOGLEVEL_DEBUG);
        conn->handleReconnected(request, _connectionId.c_str());
        const std::string reply = conn->createResponse(request);
        conn->writeData(reply.c_str());
    }

    // Generic handling runs for every request kind, including an abort
    // whose connection was just notified of disconnection.
    // NOTE(review): confirm doProcessRequest() is meant to run after an abort.
    doProcessRequest(conn, request);
}