remove code duplication
ornicar committed Apr 11, 2024
1 parent a90dfc5 commit 2a2d154
Showing 3 changed files with 11 additions and 14 deletions.
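--- a/app/http/CtrlExtensions.scala
+++ b/app/http/CtrlExtensions.scala
@@ -5,7 +5,7 @@ import play.api.mvc.*
 
 import lila.common.HTTPRequest
 
-trait CtrlExtensions extends ControllerHelpers:
+trait CtrlExtensions extends ControllerHelpers with ResponseHeaders:
 
 val env: Env
 
@@ -26,15 +26,7 @@ trait CtrlExtensions extends ControllerHelpers:
 result.withHeaders(LINK -> s"<${env.net.baseUrl}${url}>; rel=\"canonical\"")
 def withCanonical(url: Call): Result = withCanonical(url.url)
 def enforceCrossSiteIsolation(using req: RequestHeader): Result =
-val coep =
-if HTTPRequest.isChrome96Plus(req) ||
-(HTTPRequest.isFirefox119Plus(req) && !HTTPRequest.isMobileBrowser(req))
-then "credentialless"
-else "require-corp"
-result.withHeaders(
-"Cross-Origin-Embedder-Policy" -> coep,
-"Cross-Origin-Opener-Policy" -> "same-origin"
-)
+result.withHeaders(embedderPolicy.forReq(req)*)
 def noCache: Result = result.withHeaders(
 CACHE_CONTROL -> "no-cache, no-store, must-revalidate",
 EXPIRES -> "0"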
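Review bot: `enforceCrossSiteIsolation` used to set `Cross-Origin-Opener-Policy: same-origin` explicitly and now relies entirely on what `embedderPolicy.forReq(req)` returns; the `headers(...)` helper that builds that value is outside this diff, so it cannot be confirmed from here that COOP is still emitted as `same-origin`. Cross-origin isolation needs both headers, and a missing COOP fails silently: the page still loads, but isolation-gated features such as SharedArrayBuffer stop being available. A small test asserting that both headers are present on the returned `Result` would pin this. Once confirmed, a comment on the method such as `// COEP + COOP both come from ResponseHeaders.embedderPolicy` would help. The trait body continues outside both hunks.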
10 changes: 9 additions & 1 deletion app/http/ResponseHeaders.scala
Expand Up @@ -62,10 +62,18 @@ trait ResponseHeaders extends HeaderNames:

object embedderPolicy:

def isSet(result: Result) = result.header.headers.contains(embedderPolicyHeader).pp("is set")
def isSet(result: Result) = result.header.headers.contains(embedderPolicyHeader)

def forReq(req: RequestHeader) =
if supportsCoepCredentialless(req) then credentialless else requireCorp

def supportsCoepCredentialless(req: RequestHeader) =
import HTTPRequest.*
isChrome96Plus(req) || (isFirefox119Plus(req) && !isMobileBrowser(req))

def default = headers("unsafe-none")
def credentialless = headers("credentialless")
def requireCorp = headers("require-corp")

private val openerPolicyHeader = "Cross-Origin-Opener-Policy"
private val embedderPolicyHeader = "Cross-Origin-Embedder-Policy"
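Review bot: `forReq` chooses the COEP value from the request's User-Agent, so the same URL can now return different security headers per client, and nothing in this hunk shows that such responses are kept out of shared caches or marked as varying on User-Agent. If one of these responses were cached and replayed to a browser that does not implement `credentialless`, that browser would most likely treat the value as unrecognised and end up without cross-origin isolation. It is worth confirming the affected routes are uncacheable or add `Vary: User-Agent`. Separately, `forReq` and `supportsCoepCredentialless` are public members of a trait mixed into controllers and have no declared return types or rationale; I would annotate them and add a comment such as `// credentialless only for Chrome 96+ and non-mobile Firefox 119+; all other clients get require-corp`. The `embedderPolicy` object and its `headers` helper extend outside this hunk.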
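--- a/modules/common/src/main/HTTPRequest.scala
+++ b/modules/common/src/main/HTTPRequest.scala
@@ -52,9 +52,6 @@ object HTTPRequest:
 def isAndroid = UaMatcher("Android")
 def isLitools(req: RequestHeader) = userAgent(req).has(UserAgent("litools"))
 
-def supportsCoepCredentialless(req: RequestHeader) =
-isChrome96Plus(req) || (isFirefox119Plus(req) && !isMobileBrowser(req))
-
 def origin(req: RequestHeader): Option[String] = req.headers.get(HeaderNames.ORIGIN)
 def referer(req: RequestHeader): Option[String] = req.headers.get(HeaderNames.REFERER)
 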
