Differences From
Artifact [ca6d27c8d7]:
228 228 self:rawpage(200, pg, [lib.mem.ptr(lib.http.header)] {
229 229 ptr = &hdrs[0], ct = 3
230 230 })
231 231 end
232 232 end
233 233
234 234 terra convo:stdpage(pg: convo.page) self:statpage(200, pg) end
235 +
236 +terra convo:bytestream(mime: pstring, data: lib.mem.ptr(uint8))
237 + -- TODO this is not a satisfactory solution; it's a bandaid on a gaping
238 + -- chest wound. ultimately we need to compile a whitelist of safe mime
239 + -- types as part of mimelib, but that is no small task. for now, this
240 + -- will keep the patient from immediately bleeding out
241 + if mime:cmp(lib.str.plit'text/html') or
242 + mime:cmp(lib.str.plit'text/xml') or
243 + mime:cmp(lib.str.plit'application/xhtml+xml') or
244 + mime:cmp(lib.str.plit'application/vnd.wap.xhtml+xml')
245 + then -- danger will robinson
246 + mime = lib.str.plit'text/plain'
247 + elseif mime:cmp(lib.str.plit'application/x-shockwave-flash') then
248 + mime = lib.str.plit'application/octet-stream'
249 + end
250 + lib.net.mg_printf(self.con, "HTTP/1.1 200 OK\r\nContent-Type: %.*s\r\nContent-Length: %llu\r\nContent-Security-Policy: sandbox; default-src 'none'; form-action 'none'; navigate-to 'none';\r\nX-Content-Options: nosniff\r\n\r\n", mime.ct, mime.ptr, data.ct + 2)
251 + lib.net.mg_send(self.con, data.ptr, data.ct)
252 + lib.net.mg_send(self.con, '\r\n', 2)
253 +end
235 254
236 255 terra convo:reroute_cookie(dest: rawstring, cookie: rawstring)
237 256 var hdrs = array(
238 257 lib.http.header { key = 'Content-Type', value = 'text/html; charset=UTF-8' },
239 258 lib.http.header { key = 'Location', value = dest },
240 259 lib.http.header { key = 'Set-Cookie', value = cookie }
241 260 )