mirror of
https://github.com/dutchcoders/transfer.sh.git
synced 2026-02-09 00:39:54 +00:00
Compare commits
4 Commits
issue-503
...
fix-header
| Author | SHA1 | Date | |
|---|---|---|---|
|
ee26333c43 | ||
|
|
f6f4bc11e0 | ||
|
|
3dcbfe2e4d | ||
|
|
1fb67f49ff |
@@ -245,6 +245,8 @@ func canContainsXSS(contentType string) bool {
|
||||
|
||||
/* The preview handler will show a preview of the content for browsers (accept type text/html), and referer is not transfer.sh */
|
||||
func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Vary", "Range, Referer, X-Decrypt-Password")
|
||||
|
||||
vars := mux.Vars(r)
|
||||
|
||||
token := vars["token"]
|
||||
@@ -397,6 +399,7 @@ func (s *Server) viewHandler(w http.ResponseWriter, r *http.Request) {
|
||||
token(s.randomTokenLength),
|
||||
}
|
||||
|
||||
w.Header().Set("Vary", "Accept")
|
||||
if acceptsHTML(r.Header) {
|
||||
if err := htmlTemplates.ExecuteTemplate(w, "index.html", data); err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
@@ -1157,6 +1160,7 @@ func (s *Server) headHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Connection", "close")
|
||||
w.Header().Set("X-Remaining-Downloads", remainingDownloads)
|
||||
w.Header().Set("X-Remaining-Days", remainingDays)
|
||||
w.Header().Set("Vary", "Range, Referer, X-Decrypt-Password")
|
||||
|
||||
if s.storage.IsRangeSupported() {
|
||||
w.Header().Set("Accept-Ranges", "bytes")
|
||||
@@ -1228,16 +1232,8 @@ func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("X-Remaining-Downloads", remainingDownloads)
|
||||
w.Header().Set("X-Remaining-Days", remainingDays)
|
||||
|
||||
if rng != nil && rng.ContentRange() != "" {
|
||||
w.WriteHeader(http.StatusPartialContent)
|
||||
}
|
||||
|
||||
if disposition == "inline" && canContainsXSS(contentType) {
|
||||
reader = io.NopCloser(bluemonday.UGCPolicy().SanitizeReader(reader))
|
||||
}
|
||||
|
||||
password := r.Header.Get("X-Decrypt-Password")
|
||||
decryptionReader, err := attachDecryptionReader(reader, password)
|
||||
reader, err = attachDecryptionReader(reader, password)
|
||||
if err != nil {
|
||||
http.Error(w, "Could not decrypt file", http.StatusInternalServerError)
|
||||
return
|
||||
@@ -1250,8 +1246,17 @@ func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
w.Header().Set("Content-Type", contentType)
|
||||
w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10))
|
||||
w.Header().Set("Vary", "Range, Referer, X-Decrypt-Password")
|
||||
|
||||
if _, err = io.Copy(w, decryptionReader); err != nil {
|
||||
if rng != nil && rng.ContentRange() != "" {
|
||||
w.WriteHeader(http.StatusPartialContent)
|
||||
}
|
||||
|
||||
if disposition == "inline" && canContainsXSS(contentType) {
|
||||
reader = io.NopCloser(bluemonday.UGCPolicy().SanitizeReader(reader))
|
||||
}
|
||||
|
||||
if _, err = io.Copy(w, reader); err != nil {
|
||||
s.logger.Printf("%s", err.Error())
|
||||
http.Error(w, "Error occurred copying to output stream", http.StatusInternalServerError)
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user