authorJose <jose@zeroc.com>2020-12-30 18:19:03 +0100
committerJose <jose@zeroc.com>2020-12-30 18:19:03 +0100
commit11cd756348552dd5cb81beb9b8245eef11bf875e (patch)
tree08fb766ff65863209afdc02670529f6476f9e019
parentFix exception message (diff)
Check URLs pass to JavaScript HTTP test server
-rw-r--r--js/bin/HttpServer.js40
1 files changed, 23 insertions, 17 deletions
diff --git a/js/bin/HttpServer.js b/js/bin/HttpServer.js
index 26466bef266..2e4228bcc52 100644
--- a/js/bin/HttpServer.js
+++ b/js/bin/HttpServer.js
@@ -62,7 +62,7 @@ function Init()
HttpServer.prototype.processRequest = function(req, res)
{
- var matchController = req.url.pathname.match("^\/test/(.*)/controller\.html");
+ var matchController = req.url.pathname.match("^\/test/(.*)/controller\\.html");
if(matchController)
{
var es5 = matchController[1].indexOf("es5/") !== -1;
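Review bot: The corrected pattern on the `matchController` line is still unanchored at the end, and its greedy `(.*)` accepts any characters, so a pathname that merely contains `/controller.html` somewhere after `/test/` will match. A regex literal avoids the string double-escaping that caused the original bug and lets you anchor it: `var matchController = req.url.pathname.match(/^\/test\/(.*)\/controller\.html$/);`. How `matchController[1]` is used beyond the `es5/` check is outside this hunk; if it feeds a file path, the capture should also be limited to the expected characters.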
@@ -186,12 +186,28 @@ function Init()
var ext = path.extname(filePath).slice(1);
- //
- // When the browser asks for a .js or .css file and it has support for gzip content
- // check if a gzip version (.js.gz or .css.gz) of the file exists and use that instead.
- //
- if((ext == "js" || ext == "css" || ext == "map") && req.headers["accept-encoding"].indexOf("gzip") !== -1)
+ if(req.url.pathname === '/')
+ {
+ res.writeHead(302,
+ {
+ "Location": "/test/Ice/acm/index.html"
+ });
+ res.end();
+ console.log("HTTP/302 (Found) " + req.method + " " + req.url.pathname + " -> " +
+ "/test/Ice/acm/index.html");
+ }
+ else if(filePath.indexOf("..") != -1 || ["/test/", "/assets/"].some(prefix => filePath.startsWith(prefix)))
+ {
+ res.writeHead(403);
+ res.end("403 Forbiden");
+ console.log("HTTP/403 (Forbiden) " + req.method + " " + req.url.pathname + " -> " + filePath);
+ }
+ else if((ext == "js" || ext == "css" || ext == "map") && req.headers["accept-encoding"].indexOf("gzip") !== -1)
{
+ //
+ // When the browser asks for a .js or .css file and it has support for gzip content
+ // check if a gzip version (.js.gz or .css.gz) of the file exists and use that instead.
+ //
fs.stat(filePath + ".gz",
function(err, stats)
{
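Review bot: The allow-list test in the new 403 branch looks inverted: `["/test/", "/assets/"].some(prefix => filePath.startsWith(prefix))` rejects a path that does start with an allowed prefix and lets every other path through. It also compares URL-style prefixes with `filePath`, which is passed to `fs.stat` just below and so is presumably already a filesystem path; I would write `else if(filePath.indexOf("..") != -1 || !["/test/", "/assets/"].some(prefix => req.url.pathname.startsWith(prefix)))`. Better still, check that the resolved path stays under the server's base directory, since a substring test for `..` finds nothing once the path has been normalised. Separately, `req.headers["accept-encoding"].indexOf("gzip")` throws when a client sends no Accept-Encoding header, so `(req.headers["accept-encoding"] || "").indexOf("gzip")` would be safer, and the new 403 strings repeat the "Forbiden" spelling. The enclosing function starts and ends outside this hunk, so how `filePath` is built is not visible here.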
@@ -238,17 +254,7 @@ function Init()
}
else
{
- if(req.url.pathname === '/')
- {
- res.writeHead(302,
- {
- "Location": "/test/Ice/acm/index.html"
- });
- res.end();
- console.log("HTTP/302 (Found) " + req.method + " " + req.url.pathname + " -> " +
- "/test/Ice/acm/index.html");
- }
- else if(!stats.isFile())
+ if(!stats.isFile())
{
res.writeHead(403);
res.end("403 Forbiden");