diff --git a/include/bitcoin/node/protocols/protocol_html.hpp b/include/bitcoin/node/protocols/protocol_html.hpp index a721309dd..ca4d80a4d 100644 --- a/include/bitcoin/node/protocols/protocol_html.hpp +++ b/include/bitcoin/node/protocols/protocol_html.hpp @@ -52,11 +52,11 @@ class BCN_API protocol_html const network::http::method::get& request) NOEXCEPT override; /// Senders. - void send_file(const network::http::string_request& request, + void send_file(const network::http::request& request, network::http::file&& file, network::http::mime_type type) NOEXCEPT; /// Utilities. - bool is_allowed_origin(const std::string& origin, + bool is_allowed_origin(const network::http::fields& fields, size_t version) const NOEXCEPT; std::filesystem::path to_local_path( const std::string& target = "/") const NOEXCEPT; diff --git a/src/protocols/protocol_explore.cpp b/src/protocols/protocol_explore.cpp index bc1faba65..1f4f3ccc6 100644 --- a/src/protocols/protocol_explore.cpp +++ b/src/protocols/protocol_explore.cpp @@ -44,14 +44,14 @@ void protocol_explore::handle_receive_get(const code& ec, return; // Enforce http origin policy (requires configured hosts). - if (!is_allowed_origin((*request)[field::origin], request->version())) + if (!is_allowed_origin(*request, request->version())) { send_forbidden(*request); return; } // Enforce http host header (if any hosts are configured). - if (!is_allowed_host((*request)[field::host], request->version())) + if (!is_allowed_host(*request, request->version())) { send_bad_host(*request); return; diff --git a/src/protocols/protocol_html.cpp b/src/protocols/protocol_html.cpp index e377aa721..153251271 100644 --- a/src/protocols/protocol_html.cpp +++ b/src/protocols/protocol_html.cpp @@ -43,14 +43,14 @@ void protocol_html::handle_receive_get(const code& ec, return; // Enforce http origin policy (requires configured hosts). - if (!is_allowed_origin((*request)[field::origin], request->version())) + if (!is_allowed_origin(*request, request->version())) { send_forbidden(*request); return; } // Enforce http host header (if any hosts are configured). - if (!is_allowed_host((*request)[field::host], request->version())) + if (!is_allowed_host(*request, request->version())) { send_bad_host(*request); return; @@ -72,15 +72,15 @@ void protocol_html::handle_receive_get(const code& ec, return; } - const auto default_type = mime_type::application_octet; + const auto default_type = mime_type::application_octet_stream; send_file(*request, std::move(file), file_mime_type(path, default_type)); } // Senders. // ---------------------------------------------------------------------------- -void protocol_html::send_file(const string_request& request, - file&& file, mime_type type) NOEXCEPT +void protocol_html::send_file(const request& request, file&& file, + mime_type type) NOEXCEPT { BC_ASSERT_MSG(stranded(), "strand"); BC_ASSERT_MSG(file.is_open(), "sending closed file handle"); @@ -98,13 +98,14 @@ void protocol_html::send_file(const string_request& request, // Utilities. // ---------------------------------------------------------------------------- -bool protocol_html::is_allowed_origin(const std::string& origin, +bool protocol_html::is_allowed_origin(const fields& fields, size_t version) const NOEXCEPT { BC_ASSERT_MSG(stranded(), "strand"); // Allow same-origin and no-origin requests. // Origin header field is not available until http 1.1. + const auto origin = fields[field::origin]; if (origin.empty() || version < version_1_1) return true;