From: rnewson@apache.org To: commits@couchdb.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: chttpd commit: updated refs/heads/master to 6577ad1 Date: Mon, 8 Sep 2014 17:16:27 +0000 (UTC) Repository: couchdb-chttpd Updated Branches: refs/heads/master 6b372c641 -> 6577ad195 Forward-port caching and csp headers for _utils Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/6577ad19 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/6577ad19 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/6577ad19 Branch: refs/heads/master Commit: 6577ad1957ef2eb5027a9c8cf41a822fef7dfce9 Parents: 6b372c6 Author: Robert Newson Authored: Mon Sep 8 18:11:00 2014 +0100 Committer: Robert Newson Committed: Mon Sep 8 18:14:52 2014 +0100
----------------------------------------------------------------------
src/chttpd.erl | 11 ++++++++--- src/chttpd_misc.erl | 13 ++++++++++++- 2 files changed, 20 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/6577ad19/src/chttpd.erl
----------------------------------------------------------------------
diff --git a/src/chttpd.erl b/src/chttpd.erl
index 32b12c8..77093c9 100644
--- a/src/chttpd.erl
+++ b/src/chttpd.erl
@@ -19,7 +19,7 @@ qs_value/3, qs/1, qs_json_value/3, path/1, absolute_uri/2, body_length/1, verify_is_server_admin/1, unquote/1, quote/1, recv/2, recv_chunked/4, error_info/1, parse_form/1, json_body/1, json_body_obj/1, body/1,
- doc_etag/1, make_etag/1, etag_respond/3, partition/1, serve_file/3,
+ doc_etag/1, make_etag/1, etag_respond/3, partition/1, serve_file/3, serve_file/4,
 server_header/0, start_chunked_response/3,send_chunk/2, start_response_length/4, send/2, start_json_response/2, start_json_response/3, end_json_response/1, send_response/4,
@@ -411,9 +411,14 @@ header_value(#httpd{mochi_req=MochiReq}, Key, Default) ->
 primary_header_value(#httpd{mochi_req=MochiReq}, Key) ->
 MochiReq:get_primary_header_value(Key).
-serve_file(#httpd{mochi_req=MochiReq}=Req, RelativePath, DocumentRoot) ->
+serve_file(Req, RelativePath, DocumentRoot) ->
+ serve_file(Req, RelativePath, DocumentRoot, []).
+
+serve_file(#httpd{mochi_req=MochiReq}=Req, RelativePath, DocumentRoot,
+ ExtraHeaders) ->
 Headers = server_header() ++
- couch_httpd_auth:cookie_auth_header(Req, []),
+ couch_httpd_auth:cookie_auth_header(Req, []) ++
+ ExtraHeaders,
 {ok, MochiReq:serve_file(RelativePath, DocumentRoot,
 chttpd_cors:headers(Req, Headers))}.
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/6577ad19/src/chttpd_misc.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_misc.erl b/src/chttpd_misc.erl
index dea85e3..ce23fd9 100644
--- a/src/chttpd_misc.erl
+++ b/src/chttpd_misc.erl
@@ -72,7 +72,10 @@ handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
 case chttpd:partition(UrlPath) of
 {_ActionKey, "/", RelativePath} ->
 % GET /_utils/path or GET /_utils/
- chttpd:serve_file(Req, RelativePath, DocumentRoot);
+ CachingHeaders = [{"Cache-Control", "private, must-revalidate"}],
+ EnableCsp = config:get("csp", "enable", "false"),
+ Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp),
+ chttpd:serve_file(Req, RelativePath, DocumentRoot, Headers);
 {_ActionKey, "", _RelativePath} ->
 % GET /_utils
 RedirectPath = chttpd:path(Req) ++ "/",
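Review bot: serve_file/4 appends ExtraHeaders after the output of server_header/0 and couch_httpd_auth:cookie_auth_header/2 without any deduplication, so a caller that passes a header name one of those already produces hands two entries to chttpd_cors:headers/2 and on to MochiReq:serve_file; whether mochiweb merges them or emits both I cannot tell from here. The new arity also has no documentation of what ExtraHeaders must contain. I would add above the serve_file/4 head: `%% ExtraHeaders: list of {Name, Value} pairs appended verbatim after the Server` / `%% and cookie-auth headers; nothing is deduplicated, so do not repeat a name.` A `-spec` for both arities would help too, once the header-name type mochiweb accepts is confirmed.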
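Review bot: The `EnableCsp` value read from `config:get("csp", "enable", "false")` is matched by exact string equality against "true" in maybe_add_csp_headers (second chttpd_misc.erl hunk), so any other spelling in the ini — `True`, `TRUE`, `yes`, a trailing space — silently takes the catch-all clause and the policy header is simply not sent, with no log line to show it. That is a fail-open default for a defensive header; normalising the value before the match closes it: `EnableCsp = string:to_lower(string:strip(config:get("csp", "enable", "false"))),`. Alternatively, log at the catch-all clause when the value is neither "true" nor "false". handle_utils_dir_req starts and ends outside this hunk.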
@@ -81,6 +84,14 @@ handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
 handle_utils_dir_req(Req, _) ->
 send_method_not_allowed(Req, "GET,HEAD").
+maybe_add_csp_headers(Headers, "true") ->
+ DefaultValues = "default-src 'self'; img-src 'self'; font-src 'self'; " "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
+ Value = config:get("csp", "header_value", DefaultValues),
+ [{"Content-Security-Policy", Value} | Headers];
+maybe_add_csp_headers(Headers, _) ->
+ Headers.
+
 handle_sleep_req(#httpd{method='GET'}=Req) ->
 Time = list_to_integer(chttpd:qs_value(Req, "time")),
 receive snicklefart -> ok after Time -> ok end,
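Review bot: maybe_add_csp_headers/2 carries no comment, and the two facts an operator needs are not visible from the call site: the `[csp] header_value` setting is placed in the Content-Security-Policy header verbatim (no validation, and an empty ini value would presumably produce an empty header rather than the default — worth confirming against config:get/3), and the built-in default still grants 'unsafe-eval' and 'unsafe-inline', which I assume the _utils UI needs. I would add above the first clause: `%% Prepend a Content-Security-Policy header when [csp] enable is "true".` / `%% The value is taken verbatim from [csp] header_value; the default below keeps` / `%% 'unsafe-eval'/'unsafe-inline' for _utils, so tightening it is a config change.` If an empty header_value should fall back to the default, a `case` on "" around the config:get/3 call would do it.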