@Test
  public void testFetch_noToken() throws Exception {
    // The incoming request carries no "st" parameter. The mock therefore
    // expects exactly one rewrite of its URI, to the same URL with
    // "st=default%3Anull" appended.
    HttpRequest tokenlessRequest = createMock(HttpRequest.class);
    expect(tokenlessRequest.getUri()).andReturn(Uri.parse("http://host?p=1"));
    expect(tokenlessRequest.setUri(Uri.parse("http://host?p=1&st=default%3Anull")))
        .andReturn(tokenlessRequest);
    replay(tokenlessRequest);

    // The wrapped fetcher must receive that same request object exactly once.
    HttpFetcher delegate = createMock(HttpFetcher.class);
    expect(delegate.fetch(tokenlessRequest)).andReturn(new HttpResponse());
    replay(delegate);

    FakeUserHttpFetcher fakeFetcher = new FakeUserHttpFetcher(config, delegate, crypter);
    fakeFetcher.fetch(tokenlessRequest);

    // Fails if the URI rewrite or the delegated fetch did not happen.
    verify(tokenlessRequest);
    verify(delegate);
  }
  @Test
  public void testFetch_withToken() throws Exception {
    // The request already carries an "st" parameter, so it must pass through
    // untouched: no setUri() expectation is recorded, and the mock rejects
    // any call that was not recorded.
    HttpRequest tokenRequest = createMock(HttpRequest.class);
    expect(tokenRequest.getUri()).andReturn(Uri.parse("http://host?p=1&st=sometoken"));
    replay(tokenRequest);

    // The wrapped fetcher must still be invoked with the unmodified request.
    HttpFetcher delegate = createMock(HttpFetcher.class);
    expect(delegate.fetch(tokenRequest)).andReturn(new HttpResponse());
    replay(delegate);

    FakeUserHttpFetcher fakeFetcher = new FakeUserHttpFetcher(config, delegate, crypter);
    fakeFetcher.fetch(tokenRequest);

    // Fails if the URI was not read or the delegated fetch did not happen.
    verify(tokenRequest);
    verify(delegate);
  }
Example #3
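  /**
   * Serves one proxy request: fetches the remote resource described by the
   * servlet request and relays its headers and body to the servlet response.
   *
   * <p>Requests carrying an {@code If-Modified-Since} header are answered with
   * 304 without any fetch. Requests whose {@code Host} header is not accepted
   * by {@code lockedDomainService.isSafeForOpenProxy} are rejected, so proxied
   * content is not served from a gadget domain.
   *
   * @param request the incoming proxy request
   * @param response the servlet response that receives the proxied result
   * @throws IOException if writing to the servlet response fails
   * @throws GadgetException with {@code INVALID_PARAMETER} when the request was
   *     made to a host that is not safe for open proxying
   */
  @Override
  public void fetch(HttpServletRequest request, HttpServletResponse response)
      throws IOException, GadgetException {
    // Any conditional request gets 304; the header value itself is never examined.
    if (request.getHeader("If-Modified-Since") != null) {
      response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
      return;
    }

    String host = request.getHeader("Host");
    if (!lockedDomainService.isSafeForOpenProxy(host)) {
      // Force embedded images and the like to their own domain to avoid XSS
      // in gadget domains.
      String msg =
          "Embed request for url "
              + getParameter(request, URL_PARAM, "")
              + " made to wrong domain "
              + host;
      // The url parameter and the Host header are client-controlled. Line
      // breaks are neutralised in the logged copy so that a single request
      // cannot forge additional log entries.
      logger.info(msg.replaceAll("[\\r\\n]", "_"));
      // NOTE(review): msg is also the exception message; if a caller renders
      // it into an HTML error page it needs output encoding there - confirm.
      throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, msg);
    }

    HttpRequest rcr = buildHttpRequest(request);
    HttpResponse results = fetcher.fetch(rcr);
    if (contentRewriterRegistry != null) {
      results = contentRewriterRegistry.rewriteHttpResponse(rcr, results);
    }

    setResponseHeaders(request, response, results);

    // Relay upstream headers except those on the deny-list. The name is
    // lower-cased with Locale.ROOT because the default-locale form is not
    // stable: under a Turkish locale 'I' maps to a dotless 'ı', so a header
    // such as "Set-Cookie" would no longer match its deny-list entry and
    // would be passed through to the client.
    // NOTE(review): presumably DISALLOWED_RESPONSE_HEADERS holds lower-case
    // ASCII names - confirm against its declaration.
    for (Map.Entry<String, List<String>> entry : results.getHeaders().entrySet()) {
      String name = entry.getKey();
      if (!DISALLOWED_RESPONSE_HEADERS.contains(name.toLowerCase(java.util.Locale.ROOT))) {
        for (String value : entry.getValue()) {
          response.addHeader(name, value);
        }
      }
    }

    // NOTE(review): where the rewrite MIME type comes from is not visible
    // here (buildHttpRequest); if it is taken from a request parameter,
    // confirm it cannot turn proxied content into an active type.
    if (rcr.getRewriteMimeType() != null) {
      response.setContentType(rcr.getRewriteMimeType());
    }

    if (results.getHttpStatusCode() != HttpResponse.SC_OK) {
      // NOTE(review): the Servlet API says a response should not be written
      // to after sendError(). The body copy below is kept as it was; confirm
      // whether the upstream body is meant to reach the client for non-200
      // statuses, and if so use setStatus() instead.
      response.sendError(results.getHttpStatusCode());
    }

    IOUtils.copy(results.getResponse(), response.getOutputStream());
  }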