17 HTTP_NOT_FOUND, |
17 HTTP_NOT_FOUND, |
18 HTTP_NOT_MODIFIED, |
18 HTTP_NOT_MODIFIED, |
19 HTTP_OK, |
19 HTTP_OK, |
20 HTTP_SERVER_ERROR, |
20 HTTP_SERVER_ERROR, |
21 caching, |
21 caching, |
|
22 cspvalues, |
22 permhooks, |
23 permhooks, |
23 ) |
24 ) |
24 from .request import wsgirequest |
25 from .request import wsgirequest |
25 |
26 |
26 from .. import ( |
27 from .. import ( |
113 # if it is updated. Since this is a reference and nothing should |
114 # if it is updated. Since this is a reference and nothing should |
114 # modify the underlying object, it should be constant for the lifetime |
115 # modify the underlying object, it should be constant for the lifetime |
115 # of the request. |
116 # of the request. |
116 self.websubtable = app.websubtable |
117 self.websubtable = app.websubtable |
117 |
118 |
|
119 self.csp, self.nonce = cspvalues(self.repo.ui) |
|
120 |
118 # Trust the settings from the .hg/hgrc files by default. |
121 # Trust the settings from the .hg/hgrc files by default. |
119 def config(self, section, name, default=None, untrusted=True): |
122 def config(self, section, name, default=None, untrusted=True): |
120 return self.repo.ui.config(section, name, default, |
123 return self.repo.ui.config(section, name, default, |
121 untrusted=untrusted) |
124 untrusted=untrusted) |
122 |
125 |
199 'encoding': encoding.encoding, |
202 'encoding': encoding.encoding, |
200 'motd': motd, |
203 'motd': motd, |
201 'sessionvars': sessionvars, |
204 'sessionvars': sessionvars, |
202 'pathdef': makebreadcrumb(req.url), |
205 'pathdef': makebreadcrumb(req.url), |
203 'style': style, |
206 'style': style, |
|
207 'nonce': self.nonce, |
204 } |
208 } |
205 tmpl = templater.templater.frommapfile(mapfile, |
209 tmpl = templater.templater.frommapfile(mapfile, |
206 filters={'websub': websubfilter}, |
210 filters={'websub': websubfilter}, |
207 defaults=defaults) |
211 defaults=defaults) |
208 return tmpl |
212 return tmpl |
315 rctx = requestcontext(self, repo) |
319 rctx = requestcontext(self, repo) |
316 |
320 |
317 # This state is global across all threads. |
321 # This state is global across all threads. |
318 encoding.encoding = rctx.config('web', 'encoding', encoding.encoding) |
322 encoding.encoding = rctx.config('web', 'encoding', encoding.encoding) |
319 rctx.repo.ui.environ = req.env |
323 rctx.repo.ui.environ = req.env |
|
324 |
|
325 if rctx.csp: |
|
326 # hgwebdir may have added CSP header. Since we generate our own, |
|
327 # replace it. |
|
328 req.headers = [h for h in req.headers |
|
329 if h[0] != 'Content-Security-Policy'] |
|
330 req.headers.append(('Content-Security-Policy', rctx.csp)) |
320 |
331 |
321 # work with CGI variables to create coherent structure |
332 # work with CGI variables to create coherent structure |
322 # use SCRIPT_NAME, PATH_INFO and QUERY_STRING as well as our REPO_NAME |
333 # use SCRIPT_NAME, PATH_INFO and QUERY_STRING as well as our REPO_NAME |
323 |
334 |
324 req.url = req.env['SCRIPT_NAME'] |
335 req.url = req.env['SCRIPT_NAME'] |
412 |
423 |
413 if cmd == '': |
424 if cmd == '': |
414 req.form['cmd'] = [tmpl.cache['default']] |
425 req.form['cmd'] = [tmpl.cache['default']] |
415 cmd = req.form['cmd'][0] |
426 cmd = req.form['cmd'][0] |
416 |
427 |
417 if rctx.configbool('web', 'cache', True): |
428 # Don't enable caching if using a CSP nonce because then it wouldn't |
|
429 # be a nonce. |
|
430 if rctx.configbool('web', 'cache', True) and not rctx.nonce: |
418 caching(self, req) # sets ETag header or raises NOT_MODIFIED |
431 caching(self, req) # sets ETag header or raises NOT_MODIFIED |
419 if cmd not in webcommands.__all__: |
432 if cmd not in webcommands.__all__: |
420 msg = 'no such method: %s' % cmd |
433 msg = 'no such method: %s' % cmd |
421 raise ErrorResponse(HTTP_BAD_REQUEST, msg) |
434 raise ErrorResponse(HTTP_BAD_REQUEST, msg) |
422 elif cmd == 'file' and 'raw' in req.form.get('style', []): |
435 elif cmd == 'file' and 'raw' in req.form.get('style', []): |
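Review bot: The filter that drops a header hgwebdir may already have set, `if h[0] != 'Content-Security-Policy']` in the block under `if rctx.csp:`, compares the header name case-sensitively, while HTTP field names are case-insensitive. If any layer adds the header under a different casing, both policies would be sent, and browsers enforce every Content-Security-Policy header they receive, so scripts carrying this request's nonce would presumably be blocked by the stale policy. Comparing `h[0].lower() != 'content-security-policy'` closes that gap. The surrounding method starts and ends outside the lines shown, so whether other code normalises header names cannot be confirmed from here.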