2017-11-20 06:10:04 +01:00
|
|
|
// Copyright 2017 Frédéric Guillot. All rights reserved.
|
|
|
|
// Use of this source code is governed by the Apache 2.0
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package core
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"time"
|
2017-11-22 03:30:16 +01:00
|
|
|
|
|
|
|
"github.com/miniflux/miniflux2/server/template"
|
2017-11-20 06:10:04 +01:00
|
|
|
)
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
// Response handles HTTP responses.
|
2017-11-20 06:10:04 +01:00
|
|
|
type Response struct {
|
|
|
|
writer http.ResponseWriter
|
|
|
|
request *http.Request
|
2017-11-22 04:37:47 +01:00
|
|
|
template *template.Engine
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
// SetCookie send a cookie to the client.
|
2017-11-20 06:10:04 +01:00
|
|
|
func (r *Response) SetCookie(cookie *http.Cookie) {
|
|
|
|
http.SetCookie(r.writer, cookie)
|
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
// JSON returns a JSONResponse.
|
|
|
|
func (r *Response) JSON() *JSONResponse {
|
2017-11-20 06:10:04 +01:00
|
|
|
r.commonHeaders()
|
2017-12-04 02:44:27 +01:00
|
|
|
return NewJSONResponse(r.writer, r.request)
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
// HTML returns a HTMLResponse.
|
|
|
|
func (r *Response) HTML() *HTMLResponse {
|
2017-11-20 06:10:04 +01:00
|
|
|
r.commonHeaders()
|
2017-11-22 03:30:16 +01:00
|
|
|
return &HTMLResponse{writer: r.writer, request: r.request, template: r.template}
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
// XML returns a XMLResponse.
|
|
|
|
func (r *Response) XML() *XMLResponse {
|
2017-11-20 06:10:04 +01:00
|
|
|
r.commonHeaders()
|
2017-11-22 03:30:16 +01:00
|
|
|
return &XMLResponse{writer: r.writer, request: r.request}
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
// Redirect redirects the user to another location.
|
2017-11-20 06:10:04 +01:00
|
|
|
func (r *Response) Redirect(path string) {
|
|
|
|
http.Redirect(r.writer, r.request, path, http.StatusFound)
|
|
|
|
}
|
|
|
|
|
2017-11-22 08:09:01 +01:00
|
|
|
// NotModified sends a response with a 304 status code.
|
|
|
|
func (r *Response) NotModified() {
|
|
|
|
r.writer.WriteHeader(http.StatusNotModified)
|
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
// Cache returns a response with caching headers.
|
|
|
|
func (r *Response) Cache(mimeType, etag string, content []byte, duration time.Duration) {
|
|
|
|
r.writer.Header().Set("Content-Type", mimeType)
|
2017-11-20 06:10:04 +01:00
|
|
|
r.writer.Header().Set("Etag", etag)
|
|
|
|
r.writer.Header().Set("Cache-Control", "public")
|
|
|
|
r.writer.Header().Set("Expires", time.Now().Add(duration).Format(time.RFC1123))
|
|
|
|
|
|
|
|
if etag == r.request.Header.Get("If-None-Match") {
|
|
|
|
r.writer.WriteHeader(http.StatusNotModified)
|
|
|
|
} else {
|
|
|
|
r.writer.Write(content)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (r *Response) commonHeaders() {
|
|
|
|
r.writer.Header().Set("X-XSS-Protection", "1; mode=block")
|
|
|
|
r.writer.Header().Set("X-Content-Type-Options", "nosniff")
|
|
|
|
r.writer.Header().Set("X-Frame-Options", "DENY")
|
2017-12-05 05:46:49 +01:00
|
|
|
|
|
|
|
// Even if the directive "frame-src" has been deprecated in Firefox,
|
|
|
|
// we keep it to stay compatible with other browsers.
|
|
|
|
r.writer.Header().Set("Content-Security-Policy", "default-src 'self'; img-src *; media-src *; frame-src *; child-src *")
|
2017-11-20 06:10:04 +01:00
|
|
|
}
|
|
|
|
|
2017-11-22 03:30:16 +01:00
|
|
|
// NewResponse returns a new Response.
|
2017-11-22 04:37:47 +01:00
|
|
|
func NewResponse(w http.ResponseWriter, r *http.Request, template *template.Engine) *Response {
|
2017-11-20 06:10:04 +01:00
|
|
|
return &Response{writer: w, request: r, template: template}
|
|
|
|
}
|