From f1e5653601472da30802829872d482e139ed4d9b Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Mon, 6 Aug 2018 16:22:21 +0200 Subject: [PATCH] hardcode limited MIME Types for the swap webserver The MIME Types only need to be set on files that we are actually using to display in the browser. All others should not be set so that they cannot be abused. --- .../java/org/fdroid/fdroid/net/LocalHTTPD.java | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/app/src/full/java/org/fdroid/fdroid/net/LocalHTTPD.java b/app/src/full/java/org/fdroid/fdroid/net/LocalHTTPD.java index da63dcf1f..ae71ff414 100644 --- a/app/src/full/java/org/fdroid/fdroid/net/LocalHTTPD.java +++ b/app/src/full/java/org/fdroid/fdroid/net/LocalHTTPD.java @@ -4,7 +4,6 @@ import android.content.Context; import android.content.Intent; import android.net.Uri; import android.util.Log; -import android.webkit.MimeTypeMap; import fi.iki.elonen.NanoHTTPD; import org.fdroid.fdroid.BuildConfig; import org.fdroid.fdroid.Utils; @@ -40,6 +39,11 @@ public class LocalHTTPD extends NanoHTTPD { if (useHttps) { enableHTTPS(); } + MIME_TYPES = new HashMap<>(); // ignore nanohttpd's list + MIME_TYPES.put("apk", "application/vnd.android.package-archive"); + MIME_TYPES.put("html", "text/html"); + MIME_TYPES.put("png", "image/png"); + MIME_TYPES.put("xml", "application/xml"); } /** @@ -296,16 +300,6 @@ public class LocalHTTPD extends NanoHTTPD { return res; } - private static String getAndroidMimeTypeForFile(String uri) { - String type = null; - String extension = MimeTypeMap.getFileExtensionFromUrl(uri); - if (extension != null) { - MimeTypeMap mime = MimeTypeMap.getSingleton(); - type = mime.getMimeTypeFromExtension(extension); - } - return type; - } - private String findIndexFileInDirectory(File directory) { String indexFileName = "index.html"; File indexFile = new File(directory, indexFileName);