From 687ec1a15969a88e00f84b6f45f751c99cc91d92 Mon Sep 17 00:00:00 2001 From: Wiktor Kwapisiewicz Date: Wed, 6 Nov 2019 13:10:32 +0100 Subject: Add support for HTTP Upload headers Some services use Authorization header [0] to pass upload credential data. This avoids the token being exposed in server logs and is allowed by XEP-0363 since version 0.5.0. This change adds support for headers allowed in XEP-0363: Authorization, Expires and Cookie. [0]: https://xmpp.org/extensions/xep-0363.html#request --- xmpp-vala/src/module/xep/0363_http_file_upload.vala | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'xmpp-vala/src/module/xep/0363_http_file_upload.vala') diff --git a/xmpp-vala/src/module/xep/0363_http_file_upload.vala b/xmpp-vala/src/module/xep/0363_http_file_upload.vala index 8829ad15..ae7169e1 100644 --- a/xmpp-vala/src/module/xep/0363_http_file_upload.vala +++ b/xmpp-vala/src/module/xep/0363_http_file_upload.vala @@ -1,5 +1,6 @@ using Xmpp; using Xmpp.Xep; +using Gee; namespace Xmpp.Xep.HttpFileUpload { @@ -21,6 +22,7 @@ public class Module : XmppStreamModule { public struct SlotResult { public string url_get { get; set; } public string url_put { get; set; } + public HashMap headers { get; set; } } public async SlotResult request_slot(XmppStream stream, string filename, int64 file_size, string? content_type) throws HttpFileTransferError { Flag? flag = stream.get_flag(Flag.IDENTITY); @@ -71,6 +73,15 @@ public class Module : XmppStreamModule { return; } + slot_result.headers = new HashMap(); + + foreach (StanzaNode node in iq.stanza.get_deep_subnodes(flag.ns_ver + ":slot", flag.ns_ver + ":put", flag.ns_ver + ":header")) { + string header_name = node.get_attribute("name"); + if (header_name == "Authorization" || header_name == "Cookie" || header_name == "Expires") { + slot_result.headers[header_name] = node.get_string_content(); + } + } + slot_result.url_get = url_get; slot_result.url_put = url_put; -- cgit v1.2.3-54-g00ecf