From: Remi Gacogne Date: Wed, 13 Jan 2016 16:54:54 +0000 (+0100) Subject: dnsdist: Remove remote images in the webserver index X-Git-Tag: dnsdist-1.0.0-alpha2~81^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=864a66418adf1b218993bf811a4ea9aa4b7d9156;p=pdns dnsdist: Remove remote images in the webserver index - Remove the github link/image - Add the powerdns logo to the html directory - Add handling for PNG files in the webserver - Edit the CSP policy to only allows local images - Explicitely asks jQuery not to use JSONP while fetching the stats --- diff --git a/pdns/dnsdist-web.cc b/pdns/dnsdist-web.cc index 4920de303..cc98b7337 100644 --- a/pdns/dnsdist-web.cc +++ b/pdns/dnsdist-web.cc @@ -79,7 +79,7 @@ static void connectionThread(int sock, ComboAddress remote, string password) resp.headers["X-Frame-Options"] = "deny"; resp.headers["X-Permitted-Cross-Domain-Policies"] = "none"; resp.headers["X-XSS-Protection"] = "1; mode=block"; - resp.headers["Content-Security-Policy"] = "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'"; + resp.headers["Content-Security-Policy"] = "default-src 'self'; style-src 'self' 'unsafe-inline'"; if(req.method == "OPTIONS") { /* the OPTIONS method should not require auth, otherwise it breaks CORS */ @@ -228,6 +228,8 @@ static void connectionThread(int sock, ComboAddress remote, string password) resp.headers["Content-Type"] = "text/css"; else if(parts.back() == "js") resp.headers["Content-Type"] = "application/javascript"; + else if(parts.back() == "png") + resp.headers["Content-Type"] = "image/png"; resp.status=200; } else if(resp.url.path=="/") { diff --git a/pdns/dnsdistdist/html/index.html b/pdns/dnsdistdist/html/index.html index 6cda59e1d..547038c96 100644 --- a/pdns/dnsdistdist/html/index.html +++ b/pdns/dnsdistdist/html/index.html @@ -42,13 +42,8 @@ - Fork me on GitHub - - - +

dnsdist comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
diff --git a/pdns/dnsdistdist/html/local.js b/pdns/dnsdistdist/html/local.js index 22804d853..448b4aaf7 100644 --- a/pdns/dnsdistdist/html/local.js +++ b/pdns/dnsdistdist/html/local.js @@ -142,6 +142,7 @@ $(document).ready(function() { $.ajax({ url: 'jsonstat?command=stats', type: 'GET', + dataType: 'json', jsonp: false, success: function(data, x, y) { $("#questions").text(data["queries"]); @@ -182,7 +183,7 @@ $(document).ready(function() { }, }); - $.ajax({ url: 'api/v1/servers/localhost', type: 'GET', dataType: 'json', + $.ajax({ url: 'api/v1/servers/localhost', type: 'GET', dataType: 'json', jsonp: false, success: function(data) { $("#version").text(data["daemon_type"]+" "+data["version"]); $("#acl").text(data["acl"]); @@ -215,7 +216,7 @@ $(document).ready(function() { // return; // updateRingBuffers(); - $.ajax({ url: 'jsonstat?command=dynblocklist', type: 'GET', dataType: 'json', + $.ajax({ url: 'jsonstat?command=dynblocklist', type: 'GET', dataType: 'json', jsonp: false, success: function(data) { var bouw=''; var gotsome=false; diff --git a/pdns/dnsdistdist/html/powerdns-logo-220px.png b/pdns/dnsdistdist/html/powerdns-logo-220px.png new file mode 100644 index 000000000..7c299c0f2 Binary files /dev/null and b/pdns/dnsdistdist/html/powerdns-logo-220px.png differ
Dyn blocked netmaskSecondsBlocksReason