Commit graph

150 commits

Author SHA1 Message Date
Miklos Vajna
6e0d1ad707 document signing: whitelist CSP frame-src for doc sign endpoint URL
If document signing is enabled in loolwsd.xml, then explicitly whitelist
iframe creation towards the doc sign endpoint server, to avoid

> Refused to frame '...' because it violates the following Content Security Policy directive: "frame-src 'self' blob:".

Note that this happened only in non-debug builds, as we currently don't
send eny Content Security Policy headers in debug builds.

Change-Id: Iee2a0644d67d5803ab3f5c636b8e960fa619792f
2018-12-05 16:14:44 +01:00
Tomaž Vajngerl
2861299c77 make vereign server configurable, dynamically show sign. infobar
document_signing_url in loolwsd now accepts a vereign server URL
endpoint. If not provided, the signing functionallity won't be
available.

The document signing infobar is now shown dynamically so by
default it is not shown, but when the users clicks in menu the
"sign document", the infobar is shown (the document-content is
css "top" value is adjusted via JQuery).

Change-Id: I9d5f6b68ba3612eeeb9de28c9c0333b4d1bf41d8
Reviewed-on: https://gerrit.libreoffice.org/64298
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Tested-by: Tomaž Vajngerl <quikee@gmail.com>
2018-11-29 22:46:07 +01:00
Samuel Mehrbrodt
1d9a9e834a Always allow frame embedding in debug mode
Change-Id: I81c434cfd75c0732e8b6aaaba1392059b0637182
2018-11-29 09:34:37 +01:00
Samuel Mehrbrodt
8f1abe4839 Only add the host to frame-ancestors
not the whole URL with all parameters

Change-Id: I42e3a6a4c05410284afea51bb13ac3f692b243ef
Reviewed-on: https://gerrit.libreoffice.org/64147
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
2018-11-28 09:53:35 +01:00
Samuel Mehrbrodt
296aba1bea Improve allowed frame-ancestors
Beforehand, any host could embed the iframe as the Referer was always allowed.

Now, only the loolwsd and the WOPI host are allowed to do that.
Additionally, a config option has been added to add more allowed hosts.

X-Frame-Options supports has been removed as it supports only one host
and CSP is meanwhile supported in ~all major browsers.

Change-Id: I222720e1220116102708c50edaf08e2a4a0aebda
Reviewed-on: https://gerrit.libreoffice.org/63864
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
2018-11-23 16:33:55 +01:00
Miklos Vajna
a514abff88 document signing: fix disabled case for Calc/Impress
If the document-container has an explicit style attribute, then this
breaks Calc (only Writer was tested before). This restores the correct
Writer/Calc/Impress behavior when the setting is false and keeps correct
behavior with Writer when the setting is true.

Change-Id: I310660e88af4407e521529ec41b5dcb604108bd9
2018-11-12 11:53:42 +01:00
Miklos Vajna
c74c9e39c8 Disable document signing via config setting
It's not too easy to customize CSS, so move the top position of the
document container to loleaflet.html, where it's convenient to handle
this.

JS can dynamically query if the menu item should be there, similar to
the about dialog.

Change-Id: I4b2799a41f8ad31e3a9b4983fd1947d2e0363a2b
2018-11-09 13:56:02 +01:00
Andras Timar
2d62529359 don't use ssl key file for admin console auth, use a generated key instead
Change-Id: I424afe0184a64b7f069d896bde6941e42b7b5531
rational: setup is easier in case, when user does not use ssl in loolwsd config
Reviewed-on: https://gerrit.libreoffice.org/61076
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2018-10-05 16:38:46 +02:00
Jan Holesovsky
5ae112d563 ServiceRoot: Fix the admin console (the jwt token generation).
Change-Id: Ic1772692471d29c99d7d68834cddb6b304e721d2
2018-09-08 00:12:20 +02:00
Jan Holesovsky
7152a8a55c ServiceRoot: Fix the branding and update the admin console debug URL.
Change-Id: Id10d7a4d99ea993a398467e528e2018cc12d503b
2018-09-08 00:12:20 +02:00
Jan Holesovsky
c5259eb7b6 ServiceRoot: Add the serviceRoot to various html and js files.
Change-Id: Ibd9093afa3d1f014c70328446ee42189dd0c2117
2018-09-08 00:12:20 +02:00
Jan Holesovsky
9d07230f8a ServiceRoot: Allow prefixing all the URI paths with a given prefix.
For instances that has to run in a deeper path like
https://server/something/blah/loleaflet/HASH/loleaflet.html.

Change-Id: Idacdaf9087d682fd527c3af2ea45d6b51a33908e
2018-09-08 00:12:15 +02:00
Miklos Vajna
468f8fedb5 wsd: 'path' is copy-constructed from a const reference but is only used as const reference
Make it a const reference.
2018-08-03 09:10:09 +02:00
Miklos Vajna
6f3fd44c03 wsd: make these a const reference instead of copying for each invocation 2018-07-31 09:19:03 +02:00
George Wood
73b8da4ab0 Cleanup error reporting. 2018-07-24 12:27:35 +01:00
George Wood
e8235e50c8 A more attractive 404 page. 2018-07-24 12:27:35 +01:00
Ashod Nakashian
18750d2d39 wsd: warn for invalid file requests by clients instead of error
Also, logs append new-line automatically.

Change-Id: Ie5b09e454236cab2cdaa14d6f8be7b67e8fb1000
Reviewed-on: https://gerrit.libreoffice.org/52416
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-06-11 22:17:04 +02:00
Jan Holesovsky
ce5fefcb5d Need a way to test the branding even in the debug mode.
Change-Id: Ia1d082a05393b298cd009a256b1a708e924097b9
Reviewed-on: https://gerrit.libreoffice.org/55290
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2018-06-04 20:15:23 +02:00
Andras Timar
14bda5897e more tweaks to supported/unsupported branding
Change-Id: I6df2047ace23a2613bb1a314284c8aa2cc2a5c8d
Reviewed-on: https://gerrit.libreoffice.org/54759
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2018-05-24 15:35:23 -04:00
Jan Holesovsky
49b3957086 Throw if admin console is not enabled.
And few other smaller tweaks around different branding with support key
enabled.

Change-Id: I9a751374c9384d9535a208c9bd912e2041fd5879
Reviewed-on: https://gerrit.libreoffice.org/54753
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2018-05-24 15:22:07 -04:00
Henry Castro
6ff069db62 respond different logo brands when it has support
Change-Id: Icddc8b67a20fd829c90c3c5d8eb6942da9c5e74d
Reviewed-on: https://gerrit.libreoffice.org/53583
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2018-05-24 15:10:45 -04:00
Andras Timar
d66e8d13b7 serve files with old gith hash in their path, that comes from cached discovery.xml
moreover:
* noCache is always true in debug mode
* when noCache is true we return an explicit "Cache-Control: no-cache" line

Change-Id: I157a410df0a90f9ab151b899e44566b95cbd9929
Reviewed-on: https://gerrit.libreoffice.org/54517
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-05-18 14:17:23 +02:00
Jan Holesovsky
88eefe75c5 Improve readability of the admin console password check.
Also disable PAM by default.

Change-Id: Id1197f0d049ce56f698952b87d2c4760412eb8ec
Reviewed-on: https://gerrit.libreoffice.org/53727
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-05-02 16:34:57 +02:00
Andras Timar
0f59930e7f do not allow empty admin console user or password
Change-Id: I3dfb74f62c53d8c7ab80094d4831203d065f0b4c
Reviewed-on: https://gerrit.libreoffice.org/53673
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2018-05-01 21:46:07 +02:00
Michael Meeks
ce06a9ae37 Allow the Admin console to be disabled in the configuration.
Change-Id: Iacde8e891f42e9ef9399ebbebbd2b2978188d4c4
2018-04-17 20:47:17 +01:00
Miklos Vajna
cb761748ed Avoid unnecessary copy-initialization
These are copy-constructed from a const reference but are only used as
const reference; make them a const reference.

Change-Id: Id193905b65224c2db4aab88999a92e60d3af3fdf
2018-04-17 09:13:54 +02:00
Jan Holesovsky
c8ef63253a Sanity-check the scheme and host for frame ancestor, POCO does not do that.
Change-Id: Ieea9532ccd2a11e74f370a340e68f46122469848
2018-04-04 12:50:53 +02:00
Miklos Vajna
1dde430bcf wsd: spell out non-trivial autos to improve readability
Change-Id: I0e1f169fc39e5c722704e1cae487147d929f7350
2018-02-07 10:18:12 +01:00
Miklos Vajna
692d24213b wsd: can avoid copying here FileServer
Change-Id: If194705eae76e81141df9c4e86f7e7bc94b250b6
2018-01-31 09:38:05 +01:00
Andras Timar
a2e25cc7d3 Add PAM support
Possibilities are endless. With a simple /etc/pam.d/loolwsd config below,
the user which runs loolwsd ('lool' in production environment) can login
to admin console with normal linux password.

    auth       required     pam_unix.so
    account    required     pam_unix.so

Change-Id: I354a7e9b4705e8fe346d17d6b6041d1406198b37
Reviewed-on: https://gerrit.libreoffice.org/48307
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2018-01-23 11:03:45 +01:00
Pranav Kant
9cbef14160 loplugin:nullptr
Change-Id: I5f0dc970e8522b63570faa0ba05ab19dd0f45d5a
2017-12-20 22:36:41 +05:30
Pranav Kant
f63858433b loplugin:includeform
Change-Id: Ib62a7aa61062f00698aa3e8a144438de5c57e53d
2017-12-20 21:21:05 +05:30
Pranav Kant
0d4bc145ba Explicit is better than implicit; avoid invalid mem access
The form.get function is something like this:

const std::string& get(const std::string& abc) { return abc; }

passing a string literal implicitly gets converted to temporary
std::string whose reference is then returned and used. This causes
crash, atleast for me, on building online with GCC 7

Change-Id: I09d0aeea57a3dbeeefd1bb28ff645723714aa6b4
Reviewed-on: https://gerrit.libreoffice.org/46727
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
(cherry picked from commit 75c2147b7f774afccf55bb93f7fae79efb615361)
Reviewed-on: https://gerrit.libreoffice.org/46730
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-12-18 16:25:57 +01:00
Pranav Kant
768b0c0404 Bin some duplicate 404 handling
Change-Id: Ibf3ed6c5558492b122662f25f31d321a6bbc151c
2017-11-10 12:35:45 +05:30
Tor Lillqvist
4ab070ec38 Sort #include and using lines for consistency
... but did not have the time or energy to do it in all files.

Change-Id: I92ea101cae1ad7be0fd2f31ce5a8d4b4149332c9
2017-11-08 10:34:37 +02:00
Miklos Vajna
bb7ac21d44 Make sure that loop index type is never narrower than the length type
Change-Id: I19aac80850c0371085ca6364412d5ac9207220d0
2017-11-06 09:14:38 +01:00
Miklos Vajna
a3d6dee503 Remove unused strings
Change-Id: I621c462bca38222dcf26dfa1e414cf27e1a3e088
2017-11-03 15:25:09 +01:00
Jan Holesovsky
f8ca17278f access_header: Pass the access_header around + unit test.
Change-Id: I5d6d93e289d8faceda59deae128e8124a0193d95
Reviewed-on: https://gerrit.libreoffice.org/41243
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2017-08-17 13:41:07 +02:00
Andras Timar
945d74c237 wsd: fix compilation with old OpenSSL that does not have PKCS5_PBKDF2_HMAC()
Change-Id: If48641f6cbcc4d4ded78ea5cc9c9f66063a2ac0a
Reviewed-on: https://gerrit.libreoffice.org/39779
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
2017-07-31 19:40:37 +02:00
Miklos Vajna
c07efecdcf wsd: avoid string concatenation resulting in allocation of unnecessary temporary strings in FileServer
By using operator+= instead, which does not have this problem.

Change-Id: I6dd54cde7e430f2f1d549642dddd3ed1a0e9eefd
2017-07-05 11:22:06 +02:00
Miklos Vajna
3e6680209e wsd: remove unused using declarations in FileServer
Change-Id: Ia56e5af384791df036411fc4acd4b1c69afe30f4
2017-07-04 10:19:45 +02:00
Ashod Nakashian
c9b0dc0424 wsd: cleanup deflate data and free memory
With help from Valgrind to find and verify
these leaks. Also some minor cleanup to the
deflate logic.

Change-Id: I3bb3f1e01cef7025c45874ce52cfc922dfd19e21
Reviewed-on: https://gerrit.libreoffice.org/39465
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-07-03 05:43:22 +02:00
Pranav Kant
2c9966ed2f Bin unused header
Change-Id: I2067e793fe54e7c713b6d319c1f13b95a09923a3
2017-06-22 18:28:24 +05:30
Pranav Kant
2e42ae8c2f Enable HTTP key pinning when ssl termination is on too
Change-Id: Id2d7a34374236f50e28551ff9c57433d9153e2fd
2017-06-22 18:27:32 +05:30
Pranav Kant
5c7b9ce6e7 Consistency
Change-Id: I16889728d0062c058ea5831ff8892025e1719c3e
2017-06-12 16:09:10 +05:30
Pranav Kant
54ea436026 CSP - Add object-src: , this is required for printing documents
Change-Id: I4a759086f2b503dfa9df4000267d920984cfe422
2017-06-12 15:47:03 +05:30
Pranav Kant
2d0ec13249 CSP - allow WOPI host as image sources
This is needed to avoid CSP error when loading the avatar image URL from
the WOPI hosts.

Change-Id: I6bd8bd846f81bc799192e7fbc16b2d7ecc9f555e
2017-06-06 17:36:47 +05:30
Jan Holesovsky
9aecf428f6 Revert "wsd: enable option to remove About dialog elements"
The request was meant the other way around; let's just not present "About" in
the menu when there is no element with "about-dialog" id.

This reverts commit b9305d17ce.
2017-05-26 10:03:33 +02:00
Henry Castro
b9305d17ce wsd: enable option to remove About dialog elements
Change-Id: I33c351cbc7373255a22f44cb31e53f21a00869bf
2017-05-25 17:43:11 -04:00
Pranav Kant
7a4bc5b95a admin-console: Check the password against hashed value in config
The new password hash property is called secure_password in the config
file. `loolconfig` tool should be used to set the password hash in
appropriate format with desired salt length, password length, number of
iterations in PBKDF2.

To be backward compatible, plain-text password for admin-console in
config file is still accepted in case secure_password property is
missing from the config file.

Change-Id: If229999dac62856e368555c0242c4aa6f8061fba
2017-05-25 01:18:31 +05:30
Ashod Nakashian
873cbcbe91 wsd: logging corrections
Change-Id: I35c52494137ea174c218bf936bc2440634036e3e
Reviewed-on: https://gerrit.libreoffice.org/37889
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-22 07:03:47 +02:00
Pranav Kant
f47936a2da ENABLE_DEBUG has values either 0 or 1, otherwise its always defined.
Change-Id: I0253dc2d83c11888e79ddb991b065eb62bbbd805
2017-05-20 12:18:29 +05:30
Pranav Kant
4ef373ce5f wsd: Echo back port number in CSP too if found in Referer header
Otherwise, WOPI implementations that use non-standard ports get CSP
voilation errors in the browsers because Poco's URI::getHost() method
strips the port number from the host.

No harm in mentioning the port number always even if its a standard one,
so always use Poco::URI::getPort() to append the port to the frame
ancestor.

Change-Id: I9e7a7021b38f717e14af3d389e30f24ecaf6d122
2017-05-18 23:10:49 +05:30
Ashod Nakashian
d267b86bbd wsd: include version in http agent strings
And move the WOPI agent string to Common.hpp.

Change-Id: Ife679705bcd6914ddd45ad50446e690fb22dd317
Reviewed-on: https://gerrit.libreoffice.org/37607
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-05-15 05:10:06 +02:00
Ashod Nakashian
954a37a06c Configurable timeouts
Timeouts to dimming the doc in the browser
are now configurable from WSD and is relayed
to loleflet as expected.

Out of focus timeout is now 60 seconds.

Change-Id: I8452e30976f6a81b0c3bb3ba5774daa244c1640c
Reviewed-on: https://gerrit.libreoffice.org/37489
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-05-11 08:01:30 +02:00
Jan Holesovsky
6d8aa453ab wsd: Handle a non-empty, but broken frame ancestor with 'deny' too.
Change-Id: I61b6e5c7cbe7f36ecd780865a613b7a240cf7b99
2017-05-10 14:46:21 +02:00
Pranav Kant
624fc5c5de wsd: Use HTTP Referer and then WOPISrc for frame ancestor
This is required in those setup where the document is not served from
the same host user is currently connected to. Use the Referer[sic]
header to set the frame ancestors and if they are absent, fallback to
WOPISrc value provided by the WOPI host.

Change-Id: Ia63a213d10aca2df56a2884e07322c1cd8056ff8
2017-05-08 15:32:43 +05:30
Michael Meeks
0088c14850 Allow env-var to affect serving from the FS only in debug mode.
Change-Id: I5e5d176295807af4de3e802ca02a0e1a1c17646e
2017-05-08 09:51:28 +01:00
Pranav Kant
052dec41be wsd: New environment variable to not serve from memory
Its quite time consuming having to restart loolwsd everytime you make
changes in loleaflet.

Change-Id: I5cc8c5af96e758309d21598c0f23fad9082130bd
2017-05-05 15:24:21 +05:30
Michael Meeks
cda55f3a21 Various cleanups & improvements to file-serving.
Use what we read at startup as the complete set of files to serve.
Trace log filenames as we read them.
Simplify and accelerate path related checks via the hash.
Kill leak with get_current_dir_name and use the correct path.
2017-04-27 15:02:16 +01:00
Aditya Dewan
be4ebb9b1f Migrated from deflate to gzip
Change-Id: I64aec9305fe74b6cdcfe15e2f67f9d38cfd6d99a
2017-04-27 15:02:16 +01:00
Pranav Kant
0c34857527 Bin superfluous object
Poco::DateTime is enough to create an object representing the current
date time, no need to create a timestamp first.

Change-Id: Ib95b43c1f7ae4993a6d9f7ec6da1234ac2bf59aa
2017-04-25 11:30:15 +05:30
Ashod Nakashian
8b3a2ed9d7 wsd: reduce included headers
Change-Id: I3107b18b2edae34a76e9f56a5cbd24836b1b57c0
Reviewed-on: https://gerrit.libreoffice.org/36872
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-04-24 06:52:02 +02:00
Henry Castro
1a580cc993 wsd: add mime type image/png
IE11 requires explicit content-type image/png

Change-Id: Ie0a886bc9b6af50be788456a93583176788c5315
2017-04-12 22:11:23 -04:00
Pranav Kant
699e8df9a7 Use CSP without WOPI host too
Fallback from b7eafb1e4a

Change-Id: I741a3f2320cfeec2250c10913871cf350861a39d
2017-04-12 19:58:19 +05:30
Pranav Kant
b7eafb1e4a Move CSP to response headers from meta tag in html
Some older browsers don't have meta tag support for CSP. Lets put all of
the CSP in response headers to be compatible with oldies.

Change-Id: I7f0d7c294e492b3c69ebea6fbd820d6558b9c3b3
2017-04-12 19:24:51 +05:30
Miklos Vajna
4dbdd72bc2 wsd: avoid std::string::compare() in FileServer
When we are just interested in equality. compare() is more meant for
sorting functions where negative/zero/positive return value is useful.

Change-Id: I11138a14dc08e23d33f3848aeb734d9f56f3e9f7
2017-04-12 13:46:09 +02:00
Pranav Kant
4d6b338bf0 security: Stricter Referrer-Policy: no-referrer
I don't think we should leak our address
(which mostly is behind a WOPI host and end-user
has no idea of what host LibreOffice Online is running at) in the
Referer header. Lets be more strict here and don't leak our address
at all.

Change-Id: Ibc30e9b64e2e06e2e8d541c5f089320ecb11412b
2017-04-11 00:02:00 +05:30
Pranav Kant
1437a060ec security: Implement HTTP Public key pinning
Though this guard the user against MITM attacks, but enabling this also
has the potential to brick your websites. So, do not use it/enable it
without understanding what it actually is.

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning

Though this should work, but I have not been able to test it because of
Firefox and Chrome's limitation/feature that key validation is not done
when certificate chain terminates at a user-defined trust anchor and I
couldn't find any way to temporarily enable the HPKP key validation for
such CA chains.

Change-Id: I64d4ff82b04c59642fa7b8bac2f8788a03950b28
Reviewed-on: https://gerrit.libreoffice.org/36357
Reviewed-by: pranavk <pranavk@collabora.co.uk>
Tested-by: pranavk <pranavk@collabora.co.uk>
2017-04-10 14:46:24 +02:00
Pranav Kant
74020e0f1f Revert "wsd: Fileserver cleanup"
This reverts commit de2bc17c04af088d9c7e18a97216b174494e1a9c.

Lets not introduce any cleanup commits while we are near a release, will
apply it again after the release. The cleanup is supposed to not handle
the custom file server root correctly, so don't forget to test it with
a custom file server root before re-reverting.

It changes the path where loleaflet.html is searched for from
/usr/share/loolwsd/loleaflet/... to /usr/share/loleaflet/...
and doesn't find it there.

Change-Id: I23940e9a3e06721f0a8b7493a526f42d2072cfa4
2017-04-10 15:26:05 +05:30
Pranav Kant
a0d7c33877 security: X-Frame-Options: Deny framing if no wopi host
Change-Id: I6936f8a11e3e076e111e0883305f47064e032983
2017-04-10 15:26:00 +05:30
Pranav Kant
1ca873d57e security: X-XSS-Protection header
Change-Id: I050cba3ad8aeedaefa773d78254a3a37a7ddef30
2017-04-09 23:32:06 +05:30
Pranav Kant
61b7112aa7 security: X-Content-Type-Options: nosniff
Don't think it is necessary/useful to have this header at other places.
This is the most important and perhaps the only where presence of this
header is required and seems sensible to prevent potential attacks.

Change-Id: Iad318e4b83264ac83620b86a40a49e7384e4015e
2017-04-09 23:32:06 +05:30
Pranav Kant
df8ac5f33e wsd: Only set these headers if its WOPI
Change-Id: I1ccedc9828a724b55f8642aaa2b934c37f49a4dd
2017-04-09 23:32:06 +05:30
Pranav Kant
1a1a3ebb3c wsd: Fileserver cleanup
Remove unnecessary checks

Rename preprocessFile -> preprocessAndSendLoleafletHtml and
Rename isAdminLoggedIn -> tryAdminLogin
so that their name matches the actual reality of what these
function really does.

Change-Id: I549eae31f8ab0a320bb3ff8ecd17a282b8f91e1a
2017-04-07 13:46:04 +05:30
Pranav Kant
1614f8d417 security: Mention X-Frame-Options too for ie/edge
ie/edge ignores frame-ancestor directive of CSP (yet). Mention X-Frame-Options
for them. Similary, X-Frame-Options allow-from attribute is not
supported by Chrome:
(see https://bugs.chromium.org/p/chromium/issues/detail?id=511521)
In that case, we already have frame-ancestor CSP directive for it.

Change-Id: Ide00c4db88c438de5e9c679360b3da6f4eb4a1be
2017-04-07 13:46:04 +05:30
Pranav Kant
ffc5d516b4 security: CSP: Add frame-ancestor directive
Block embedding LibreOffice Online is frames of different origin.

Change-Id: If3e04a0704e42853dc757b4be1f30fc22b8b33e4
2017-04-07 13:46:04 +05:30
dewana-dewan
4322045667 tdf#106579 - serving gzipped file content
Change-Id: I320b22babf1bf65a0f1d4b1809a6ffb1f5ec8344
2017-03-30 12:09:12 +01:00
Michael Meeks
e7ebe0fdaa remove obsolete Poco headers, and Poco SSL pieces. 2017-03-16 18:03:23 +00:00
Michael Meeks
97cb6597c8 Admin: don't set 'secure' on auth cookie for http.
Also tweak paths to accomodate bundlification, apparently un-necessary
in secure cookie mode, interestingly.
2017-03-16 16:44:27 +00:00
Michael Meeks
f392d9e6f0 Move http serving into socket impl.
Avoid caching headers with parameter, and add Date: parameter.
2017-03-15 18:21:59 +00:00
Ashod Nakashian
8b9623010a wsd: sendHttpResponse -> send
Change-Id: I7c94f6d4cd1054ea86585bfcd4079140471f3518
Reviewed-on: https://gerrit.libreoffice.org/35157
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2017-03-14 04:30:55 +00:00
Michael Meeks
fad3a046ae AdminConsole - get credentials sorted, and serve the HTML pieces. 2017-03-13 21:48:19 +00:00
Michael Meeks
71a1e188a7 Handle If-None-Match / ETag (hopefully) - hard to test ... 2017-03-11 22:28:59 +00:00
Michael Meeks
173ca5e3d6 Quote ETag. 2017-03-10 16:42:48 +00:00
Michael Meeks
3b370022c0 Improve state dumping. 2017-03-10 15:37:09 +00:00
Ashod Nakashian
b8af470918 nb: serve files synchronously
As there isn't support (yet) to send files
asynchronously, when the socket native buffer
is small, asynchronous writes naturally return
EWOULDBLOCK. As a temp solution, we send files
synchronously, so there is no need to poll.

This should be replaced witha file-server
polling/serving thread that is dedicated to
sending files only (which closes the connection
when done).

Change-Id: I062fea44bfe54ab8d147b745da97bd499bf00657
2017-03-10 10:47:44 +01:00
Ashod Nakashian
ccdb1bcc6e nb: proper POST body processing
Change-Id: Ic37094e50979e14d2862ae32088295b42d9c4931
2017-03-10 10:47:41 +01:00
Ashod Nakashian
72669bf929 nb: logging
Change-Id: Ia67f746a6c71b4753d04b92472eddf1614c0d337
2017-03-10 10:47:41 +01:00
Ashod Nakashian
925934d09d nb: set the Date in http header
Change-Id: I71e3388c1f204135c6dc72ad27890bffe53792b3
2017-03-10 10:47:41 +01:00
Ashod Nakashian
0759d1afbc nb: http error cases in file server
Change-Id: I81b0ef3f080ba61836d99fbdde0fb94e1a44a625
2017-03-10 10:47:41 +01:00
Ashod Nakashian
1bb29282f1 nb: serve files using non-blocking sockets
Change-Id: I254288980f72f197d29b7b57ec9c88a01a5a1d03
2017-03-10 10:47:40 +01:00
Ashod Nakashian
ba9ffb4775 wsd: include cleanup
Change-Id: Id481cfbab6be12a095918bdc7318fb3584345307
Reviewed-on: https://gerrit.libreoffice.org/32548
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2016-12-31 23:22:15 +00:00
Ashod Nakashian
e1d5bf4ec2 wsd: no need for first foreslash in local path
Since the local path already ends in foreslash,
no need to keep the on in provided by the client.

Change-Id: Ia2bc24c7faa84509f9ec18deefb14cad2858e856
Reviewed-on: https://gerrit.libreoffice.org/32288
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2016-12-21 15:01:39 +00:00
Ashod Nakashian
a3de232c7a wsd: FileServer logging updated
Change-Id: Ia797c6c8f9068805d85f066030f8110f0affb7f4
Reviewed-on: https://gerrit.libreoffice.org/32286
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
2016-12-21 15:00:52 +00:00
Pranav Kant
39dd5018e2 browser console logging depending on loleaflet_logging prop.
loleaflet_logging defaults to true with compiled with
--enable-debug otherwise false.

Browser will print additional debug info when this property is
set to true.

Change-Id: Id9fabf134bd8d19fa1a09ca8c0987df46d4f1a4c
2016-12-15 16:52:07 +05:30
Andras Timar
0b596ae51d wsd: do not warn about missing access_token_ttl, when there is no access_token
Change-Id: I6ac7014dee21892dfd8b3b594cafe2dc030b6b2a
2016-12-13 09:56:29 +01:00
Andras Timar
708f9be23a wsd: do not log error, when access_token_ttl is not passed 2016-12-12 19:28:37 +01:00
Pranav Kant
dde653f920 tdf#103825: Prompt the user when session is about to expire
Set a timer in loleaflet 15 minutes before access token expiry
date (access_token_ttl value) to prompt the user to save and
refresh the session.

Change-Id: I98c3e47c9b7031e29e002f653d488747b9c17df8
Reviewed-on: https://gerrit.libreoffice.org/31381
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
2016-12-02 12:38:51 +00:00
Michael Meeks
cca657c8f2 Apply the pre-branch rename script to re-organize the source. 2016-11-25 09:58:48 +00:00
Renamed from loolwsd/FileServer.cpp (Browse further)