Index: sdk/lib/io/http_impl.dart |
diff --git a/sdk/lib/io/http_impl.dart b/sdk/lib/io/http_impl.dart |
index 971186d9f3ee1edb3d1f2186caba2a124aeb0557..3e95adaccc0cd35d6aa7ebc90b0233b2f51baf28 100644 |
--- a/sdk/lib/io/http_impl.dart |
+++ b/sdk/lib/io/http_impl.dart |
@@ -429,14 +429,16 @@ abstract class _HttpOutboundMessage<T> extends _IOSinkImpl { |
_HttpOutboundMessage(Uri uri, |
String protocolVersion, |
- _HttpOutgoing outgoing) |
+ _HttpOutgoing outgoing, |
+ {_HttpHeaders initialHeaders}) |
: super(outgoing, null), |
_uri = uri, |
headers = new _HttpHeaders( |
protocolVersion, |
defaultPortForScheme: uri.scheme == 'https' ? |
HttpClient.DEFAULT_HTTPS_PORT : |
- HttpClient.DEFAULT_HTTP_PORT), |
+ HttpClient.DEFAULT_HTTP_PORT, |
+ initialHeaders: initialHeaders), |
_outgoing = outgoing { |
_outgoing.outbound = this; |
_encodingMutable = false; |
@@ -503,9 +505,10 @@ class _HttpResponse extends _HttpOutboundMessage<HttpResponse> |
_HttpResponse(Uri uri, |
String protocolVersion, |
_HttpOutgoing outgoing, |
+ HttpHeaders defaultHeaders, |
String serverHeader) |
- : super(uri, protocolVersion, outgoing) { |
- if (serverHeader != null) headers._add('server', serverHeader); |
+ : super(uri, protocolVersion, outgoing, initialHeaders: defaultHeaders) { |
+ if (serverHeader != null) headers.set('server', serverHeader); |
} |
bool get _isConnectionClosed => _httpRequest._httpConnection._isClosing; |
@@ -2037,6 +2040,7 @@ class _HttpConnection |
var response = new _HttpResponse(incoming.uri, |
incoming.headers.protocolVersion, |
outgoing, |
+ _httpServer.defaultResponseHeaders, |
_httpServer.serverHeader); |
var request = new _HttpRequest(response, incoming, _httpServer, this); |
_streamFuture = outgoing.done |
@@ -2155,6 +2159,7 @@ class _HttpServer |
static Map<int, _HttpServer> _servers = new Map<int, _HttpServer>(); |
String serverHeader; |
+ HttpHeaders defaultResponseHeaders; |
Anders Johnsen
2014/08/12 05:49:13
Change to:
final HttpHeaders defaultResponseHea
Søren Gjesse
2014/08/12 06:53:49
Done.
|
Duration _idleTimeout; |
Timer _idleTimer; |
@@ -2182,6 +2187,7 @@ class _HttpServer |
} |
_HttpServer._(this._serverSocket, this._closeServer) { |
+ _initDefaultResponseHeaders(); |
_controller = new StreamController<HttpRequest>(sync: true, |
onCancel: close); |
idleTimeout = const Duration(seconds: 120); |
@@ -2190,6 +2196,7 @@ class _HttpServer |
} |
_HttpServer.listenOn(this._serverSocket) : _closeServer = false { |
+ _initDefaultResponseHeaders(); |
_controller = new StreamController<HttpRequest>(sync: true, |
onCancel: close); |
idleTimeout = const Duration(seconds: 120); |
@@ -2197,6 +2204,14 @@ class _HttpServer |
try { _serverSocket._owner = this; } catch (_) {} |
} |
+ _initDefaultResponseHeaders() { |
Anders Johnsen
2014/08/12 05:49:13
Make this a static function and call it directly i
Søren Gjesse
2014/08/12 06:53:49
Done.
|
+ defaultResponseHeaders = new _HttpHeaders('1.1'); |
+ defaultResponseHeaders.contentType = ContentType.TEXT; |
+ defaultResponseHeaders.set('X-Frame-Options', 'SAMEORIGIN'); |
+ defaultResponseHeaders.set('X-Content-Type-Options', 'nosniff'); |
+ defaultResponseHeaders.set('X-XSS-Protection', '1; mode=block'); |
+ } |
+ |
Duration get idleTimeout => _idleTimeout; |
void set idleTimeout(Duration duration) { |