| Index: sdk/lib/io/http_impl.dart
|
| diff --git a/sdk/lib/io/http_impl.dart b/sdk/lib/io/http_impl.dart
|
| index 971186d9f3ee1edb3d1f2186caba2a124aeb0557..ab52a2161ba35d4025c0afb1a0545de51294a779 100644
|
| --- a/sdk/lib/io/http_impl.dart
|
| +++ b/sdk/lib/io/http_impl.dart
|
| @@ -429,14 +429,16 @@ abstract class _HttpOutboundMessage<T> extends _IOSinkImpl {
|
|
|
| _HttpOutboundMessage(Uri uri,
|
| String protocolVersion,
|
| - _HttpOutgoing outgoing)
|
| + _HttpOutgoing outgoing,
|
| + {_HttpHeaders initialHeaders})
|
| : super(outgoing, null),
|
| _uri = uri,
|
| headers = new _HttpHeaders(
|
| protocolVersion,
|
| defaultPortForScheme: uri.scheme == 'https' ?
|
| HttpClient.DEFAULT_HTTPS_PORT :
|
| - HttpClient.DEFAULT_HTTP_PORT),
|
| + HttpClient.DEFAULT_HTTP_PORT,
|
| + initialHeaders: initialHeaders),
|
| _outgoing = outgoing {
|
| _outgoing.outbound = this;
|
| _encodingMutable = false;
|
| @@ -503,9 +505,10 @@ class _HttpResponse extends _HttpOutboundMessage<HttpResponse>
|
| _HttpResponse(Uri uri,
|
| String protocolVersion,
|
| _HttpOutgoing outgoing,
|
| + HttpHeaders defaultHeaders,
|
| String serverHeader)
|
| - : super(uri, protocolVersion, outgoing) {
|
| - if (serverHeader != null) headers._add('server', serverHeader);
|
| + : super(uri, protocolVersion, outgoing, initialHeaders: defaultHeaders) {
|
| + if (serverHeader != null) headers.set('server', serverHeader);
|
| }
|
|
|
| bool get _isConnectionClosed => _httpRequest._httpConnection._isClosing;
|
| @@ -2037,6 +2040,7 @@ class _HttpConnection
|
| var response = new _HttpResponse(incoming.uri,
|
| incoming.headers.protocolVersion,
|
| outgoing,
|
| + _httpServer.defaultResponseHeaders,
|
| _httpServer.serverHeader);
|
| var request = new _HttpRequest(response, incoming, _httpServer, this);
|
| _streamFuture = outgoing.done
|
| @@ -2155,6 +2159,7 @@ class _HttpServer
|
| static Map<int, _HttpServer> _servers = new Map<int, _HttpServer>();
|
|
|
| String serverHeader;
|
| + final HttpHeaders defaultResponseHeaders = _initDefaultResponseHeaders();
|
|
|
| Duration _idleTimeout;
|
| Timer _idleTimer;
|
| @@ -2197,6 +2202,15 @@ class _HttpServer
|
| try { _serverSocket._owner = this; } catch (_) {}
|
| }
|
|
|
| + static HttpHeaders _initDefaultResponseHeaders() {
|
| + var defaultResponseHeaders = new _HttpHeaders('1.1');
|
| + defaultResponseHeaders.contentType = ContentType.TEXT;
|
| + defaultResponseHeaders.set('X-Frame-Options', 'SAMEORIGIN');
|
| + defaultResponseHeaders.set('X-Content-Type-Options', 'nosniff');
|
| + defaultResponseHeaders.set('X-XSS-Protection', '1; mode=block');
|
| + return defaultResponseHeaders;
|
| + }
|
| +
|
| Duration get idleTimeout => _idleTimeout;
|
|
|
| void set idleTimeout(Duration duration) {
|
|
|
Chromium Code Reviews
Issue 443373003:
Make the default HTTP server configuration more secure (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart