Author: etnu
Date: Wed Oct 15 16:29:26 2008
New Revision: 705097
URL: http://svn.apache.org/viewvc?rev=705097&view=rev
Log:
Skipped sending Content-Disposition headers for flash, which is breaking Flash
10. This reduces our phishing protection, which means that we'll need to come
up with a better solution in the long term.
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java
Modified:
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java?rev=705097&r1=705096&r2=705097&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ProxyBase.java
Wed Oct 15 16:29:26 2008
@@ -24,9 +24,10 @@
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpResponse;
+import java.io.IOException;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
/**
* Base class for proxy-based handlers.
@@ -108,7 +109,12 @@
refreshInterval = Math.max(60 * 60, (int)(results.getCacheTtl() /
1000L));
}
HttpUtil.setCachingHeaders(response, refreshInterval);
- response.setHeader("Content-Disposition", "attachment;filename=p.txt");
+ // We're skipping the content disposition header for flash due to an issue
with Flash player 10
+ // This does make some sites a higher value phishing target, but this can
be mitigated by
+ // additional referer checks.
+ if
(!"application/x-shockwave-flash".equalsIgnoreCase(results.getHeader("Content-Type")))
{
+ response.setHeader("Content-Disposition", "attachment;filename=p.txt");
+ }
}
/**
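Review bot: The exemption wrapped around `response.setHeader("Content-Disposition", "attachment;filename=p.txt")` is decided by `results.getHeader("Content-Type")`, a value declared by the remote server being proxied, so any proxied origin can opt out of the attachment disposition simply by labelling its response as flash. The new comment says this can be mitigated by additional referer checks, but no such check is visible in this hunk, so the exemption looks unconditional as committed. I would record that next to the condition, e.g. `// TODO: Content-Type comes from the remote response; this exemption is unguarded until the referer check exists.`, and consider making the exemption opt-in through container configuration so the default keeps sending the header. The enclosing method starts outside the hunk, so an earlier guard may exist that is not shown here.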
Modified:
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java?rev=705097&r1=705096&r2=705097&view=diff
==============================================================================
---
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java
(original)
+++
incubator/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/ProxyBaseTest.java
Wed Oct 15 16:29:26 2008
@@ -18,20 +18,23 @@
*/
package org.apache.shindig.gadgets.servlet;
-import com.google.common.collect.Maps;
+import static org.easymock.EasyMock.expect;
+
import org.apache.shindig.common.ContainerConfig;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
-import static org.easymock.EasyMock.expect;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import com.google.common.collect.Maps;
+
import java.util.Arrays;
import java.util.List;
import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
/**
* Tests for ProxyBase.
*/
@@ -145,6 +148,22 @@
assertEquals("attachment;filename=p.txt",
recorder.getHeader("Content-Disposition"));
}
+ public void testSetResponseHeadersForFlash() {
+ HttpResponse results = new HttpResponseBuilder()
+ .setHeader("Content-Type", "application/x-shockwave-flash")
+ .create();
+
+ replay();
+
+ proxy.setResponseHeaders(request, recorder, results);
+
+ // Just verify that they were set. Specific values are configurable.
+ assertNotNull("Expires header not set", recorder.getHeader("Expires"));
+ assertNotNull("Cache-Control header not set",
recorder.getHeader("Cache-Control"));
+ assertNull("Content-Disposition header set for flash",
+ recorder.getHeader("Content-Disposition"));
+ }
+
public void testSetResponseHeadersNoCache() {
Map<String, List<String>> headers =
Maps.newTreeMap(String.CASE_INSENSITIVE_ORDER);
headers.put("Pragma", Arrays.asList("no-cache"));
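Review bot: testSetResponseHeadersForFlash pins only the exact lowercase value, while the check in ProxyBase is an `equalsIgnoreCase` comparison against the whole header string, so the boundary cases that decide whether the protection is dropped are untested. A mixed-case value should still suppress the header. A value carrying a parameter (constructed example: `"application/x-shockwave-flash; charset=UTF-8"`) would, judging by that comparison, not match and so still get `attachment;filename=p.txt`. One assertion for each case would show it in the test run if a later change widens or narrows the exemption. It would also help to add a short comment on the test that omitting Content-Disposition here is a deliberate security trade-off.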