hardcode limited MIME Types for the swap webserver

The MIME Types only need to be set on files that we are actually using to display in the browser. All others should not be set so that they cannot be abused.
2018-08-06 16:22:21 +02:00 · 2018-08-06 16:22:21 +02:00 · f1e5653601
commit f1e5653601
parent e4c9d1d522
1 changed files with 5 additions and 11 deletions
--- a/app/src/full/java/org/fdroid/fdroid/net/LocalHTTPD.java
+++ b/app/src/full/java/org/fdroid/fdroid/net/LocalHTTPD.java
@ -4,7 +4,6 @@ import android.content.Context;
 import android.content.Intent;
 import android.net.Uri;
 import android.util.Log;
-import android.webkit.MimeTypeMap;
 import fi.iki.elonen.NanoHTTPD;
 import org.fdroid.fdroid.BuildConfig;
 import org.fdroid.fdroid.Utils;
@ -40,6 +39,11 @@ public class LocalHTTPD extends NanoHTTPD {
        if (useHttps) {
            enableHTTPS();
        }
+        MIME_TYPES = new HashMap<>(); // ignore nanohttpd's list
+        MIME_TYPES.put("apk", "application/vnd.android.package-archive");
+        MIME_TYPES.put("html", "text/html");
+        MIME_TYPES.put("png", "image/png");
+        MIME_TYPES.put("xml", "application/xml");
    }

    /**
@ -296,16 +300,6 @@ public class LocalHTTPD extends NanoHTTPD {
        return res;
    }

-    private static String getAndroidMimeTypeForFile(String uri) {
-        String type = null;
-        String extension = MimeTypeMap.getFileExtensionFromUrl(uri);
-        if (extension != null) {
-            MimeTypeMap mime = MimeTypeMap.getSingleton();
-            type = mime.getMimeTypeFromExtension(extension);
-        }
-        return type;
-    }
-
    private String findIndexFileInDirectory(File directory) {
        String indexFileName = "index.html";
        File indexFile = new File(directory, indexFileName);