enforce having Sec-Fetch-Mode and Sec-Fetch-Site
These are implemented in Chromium since July 2019, Firefox since July
2021 and Safari since March 2023.
thestinger committed Jan 7, 2024
1 parent 6310dd6 commit 94670d1
Showing 1 changed file with 2 additions and 4 deletions.
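--- a/src/main/java/app/attestation/server/AttestationServer.java
+++ b/src/main/java/app/attestation/server/AttestationServer.java
@@ -360,12 +360,10 @@ public void checkRequestHeaders(final HttpExchange exchange) throws GeneralSecur
 if (!"application/json".equals(getRequestHeaderValue(exchange, "Content-Type"))) {
 throw new GeneralSecurityException();
 }
-final String fetchMode = getRequestHeaderValue(exchange, "Sec-Fetch-Mode");
-if (fetchMode != null && !fetchMode.equals("same-origin")) {
+if (!"same-origin".equals(getRequestHeaderValue(exchange, "Sec-Fetch-Mode"))) {
 throw new GeneralSecurityException();
 }
-final String fetchSite = getRequestHeaderValue(exchange, "Sec-Fetch-Site");
-if (fetchSite != null && !fetchSite.equals("same-origin")) {
+if (!"same-origin".equals(getRequestHeaderValue(exchange, "Sec-Fetch-Site"))) {
 throw new GeneralSecurityException();
 }
 final String fetchDest = getRequestHeaderValue(exchange, "Sec-Fetch-Dest");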
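Review bot: The two rewritten checks for Sec-Fetch-Mode and Sec-Fetch-Site now reject a request that omits the header, but the reason this is acceptable is recorded only in the commit message. A comment above the first check would keep it in the code, e.g. `// Sec-Fetch-* are required: sent by Chromium since 2019-07, Firefox since 2021-07, Safari since 2023-03; a request without them is not from a supported browser`. Both branches still throw a bare `GeneralSecurityException()`, so in whatever the caller logs an older or non-browser client is indistinguishable from a cross-site request; a short reason such as `new GeneralSecurityException("Sec-Fetch-Mode missing or not same-origin")` would help triage, provided the message is not echoed to the client. The Sec-Fetch-Dest check starts on the last context line and continues outside the hunk, so whether it still tolerates a missing header cannot be confirmed from here.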
