parsav  Diff

Differences From Artifact [fbf604f655]:

To Artifact [113b729c73]:


   304    304   		self:rawpage(200, pg, [lib.mem.ptr(lib.http.header)] {
   305    305   			ptr = &hdrs[0], ct = 3
   306    306   		})
   307    307   	end
   308    308   end
   309    309   
   310    310   terra convo:stdpage(pg: convo.page) self:statpage(200, pg) end
          311  +
          312  +terra convo:bytestream_trusted(lockdown: bool, mime: pstring, data: lib.mem.ptr(uint8))
          313  +	var lockhdr = "Content-Security-Policy: sandbox; default-src 'none'; form-action 'none'; navigate-to 'none';\r\n"
          314  +	if not lockdown then lockhdr = "" end
          315  +	lib.net.mg_printf(self.con, "HTTP/1.1 200 OK\r\nContent-Type: %.*s\r\nContent-Length: %llu\r\n%sX-Content-Options: nosniff\r\n\r\n", mime.ct, mime.ptr, data.ct + 2, lockdown)
          316  +	lib.net.mg_send(self.con, data.ptr, data.ct)
          317  +	lib.net.mg_send(self.con, '\r\n', 2)
          318  +end
          319  +
          320  +terra convo:json(data: pstring)
          321  +	self:bytestream_trusted(false, 'application/ld+json', data:blob())
          322  +end
   311    323   
   312    324   terra convo:bytestream(mime: pstring, data: lib.mem.ptr(uint8))
   313    325   	-- TODO this is not a satisfactory solution; it's a bandaid on a gaping
   314    326   	-- chest wound. ultimately we need to compile a whitelist of safe mime
   315    327   	-- types as part of mimelib, but that is no small task. for now, this
   316    328   	-- will keep the patient from immediately bleeding out
   317    329   	if mime:cmp('text/html') or
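Review bot: In `convo:bytestream_trusted` the `mg_printf` call passes the bool `lockdown` as the argument for `%s` where `lockhdr` was evidently intended, so the Content-Security-Policy string built two lines earlier is never sent; assuming `mg_printf` follows printf semantics, a bool read as a string pointer is also undefined behaviour, and the last argument should be `lockhdr`. Because `convo:bytestream` now delegates here with `lockdown = true` (the call added in the second hunk), every response for untrusted content loses the sandbox policy that the removed lines used to send inline. The header `X-Content-Options: nosniff`, carried over unchanged from the old code, is not the name browsers act on; the standard header is `X-Content-Type-Options`, and without it the downgrade to `text/plain` in `bytestream` may be undone by content sniffing. The new function would also benefit from a comment stating its contract, for example `-- caller vouches for mime and data; pass lockdown=false only for server-generated bodies`.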
................................................................................
   319    331   		mime:cmp('application/xhtml+xml') or
   320    332   		mime:cmp('application/vnd.wap.xhtml+xml')
   321    333   	then -- danger will robinson
   322    334   		mime = 'text/plain'
   323    335   	elseif mime:cmp('application/x-shockwave-flash') then
   324    336   		mime = 'application/octet-stream'
   325    337   	end
   326         -	lib.net.mg_printf(self.con, "HTTP/1.1 200 OK\r\nContent-Type: %.*s\r\nContent-Length: %llu\r\nContent-Security-Policy: sandbox; default-src 'none'; form-action 'none'; navigate-to 'none';\r\nX-Content-Options: nosniff\r\n\r\n", mime.ct, mime.ptr, data.ct + 2)
   327         -	lib.net.mg_send(self.con, data.ptr, data.ct)
   328         -	lib.net.mg_send(self.con, '\r\n', 2)
          338  +	self:bytestream_trusted(true, mime, data)
   329    339   end
   330    340   
   331    341   terra convo:reroute_cookie(dest: rawstring, cookie: rawstring)
   332    342   	var hdrs = array(
   333    343   		lib.http.header { key = 'Content-Type', value = 'text/html; charset=UTF-8' },
   334    344   		lib.http.header { key = 'Location',     value = dest },
   335    345   		lib.http.header { key = 'Set-Cookie',   value = cookie }