Add Vary headers in responses (#536)

* Add `Vary` headers in responses

* Add `Referer` to file handler `Vary`

* Fix Vary value for routes
This commit is contained in:
Kot 2023-03-15 18:25:46 -07:00 committed by GitHub
parent 1fb67f49ff
commit 3dcbfe2e4d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -245,6 +245,8 @@ func canContainsXSS(contentType string) bool {
/* The preview handler will show a preview of the content for browsers (accept type text/html), and referer is not transfer.sh */ /* The preview handler will show a preview of the content for browsers (accept type text/html), and referer is not transfer.sh */
func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) { func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Vary", "Range, Referer, X-Decrypt-Password")
vars := mux.Vars(r) vars := mux.Vars(r)
token := vars["token"] token := vars["token"]
@ -397,6 +399,7 @@ func (s *Server) viewHandler(w http.ResponseWriter, r *http.Request) {
token(s.randomTokenLength), token(s.randomTokenLength),
} }
w.Header().Set("Vary", "Accept")
if acceptsHTML(r.Header) { if acceptsHTML(r.Header) {
if err := htmlTemplates.ExecuteTemplate(w, "index.html", data); err != nil { if err := htmlTemplates.ExecuteTemplate(w, "index.html", data); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
@ -1157,6 +1160,7 @@ func (s *Server) headHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Connection", "close") w.Header().Set("Connection", "close")
w.Header().Set("X-Remaining-Downloads", remainingDownloads) w.Header().Set("X-Remaining-Downloads", remainingDownloads)
w.Header().Set("X-Remaining-Days", remainingDays) w.Header().Set("X-Remaining-Days", remainingDays)
w.Header().Set("Vary", "Range, Referer, X-Decrypt-Password")
if s.storage.IsRangeSupported() { if s.storage.IsRangeSupported() {
w.Header().Set("Accept-Ranges", "bytes") w.Header().Set("Accept-Ranges", "bytes")
@ -1250,6 +1254,7 @@ func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", contentType) w.Header().Set("Content-Type", contentType)
w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10)) w.Header().Set("Content-Length", strconv.FormatUint(contentLength, 10))
w.Header().Set("Vary", "Range, Referer, X-Decrypt-Password")
if _, err = io.Copy(w, decryptionReader); err != nil { if _, err = io.Copy(w, decryptionReader); err != nil {
s.logger.Printf("%s", err.Error()) s.logger.Printf("%s", err.Error())