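/**
 * Builds the header set to send to the client from the upstream response headers.
 *
 * Works on a copy of $this->headers and then adjusts Cache-Control by content
 * type, rewrites Location, filters or drops Set-Cookie, and removes
 * connection/encoding headers that must not be forwarded.
 *
 * NOTE(review): every lookup below uses the exact key spelling (e.g. 'Set-Cookie').
 * HTTP header names are case-insensitive, so a differently-cased upstream header
 * would skip these filters unless $this->headers is normalised where it is
 * populated - confirm.
 *
 * @return array Filtered headers keyed by header name; a Set-Cookie entry may
 *               be a string or an array of strings.
 */
public function getHeaders()
 {
     $headers = $this->headers;
     // NOTE(review): the unfiltered array, Set-Cookie values included, is handed
     // to the log here - confirm Log is off or redacting outside of debugging.
     Log::add($headers, 'headers raw');

     // For HTML content, overwrite upstream cache conf.
     if (isset($headers['Cache-Control'])) {
         if ($this->getContentType() == $this::CONTENT_TYPE_TEXT_HTML) {
             unset($headers['Cache-Control']);
         }
     } elseif ($this->getContentType() == $this::CONTENT_TYPE_OTHER) {
         // No upstream policy on non-HTML content: apply this proxy's default.
         $headers['Cache-Control'] = getCacheControlHeader(60 * 60, 60 * 60, 60 * 60 * 24);
     }

     // If redirect, rewrite Location header.
     if (isset($headers['Location'])) {
         if (parse_url($headers['Location'], PHP_URL_HOST)) {
             // Presumably rewrites the value in place (passed by reference) - confirm.
             TextExternalUrlFilters::applyAll($headers['Location']);
         }
         // Header redirects require full URLs, with scheme and host.
         // The host is parsed again on purpose: this check runs on the value
         // as it stands after the filters above.
         if (!parse_url($headers['Location'], PHP_URL_HOST)) {
             $headers['Location'] = RedirectWhenBlockedFull::getBaseUrl(true) . ltrim($headers['Location'], '/');
         }
         // NOTE(review): a Location that still carries a host at this point is
         // returned unchanged, so the upstream decides where the client is sent.
         // Confirm the filters cover every host that should stay behind the proxy.
     }

     // Rewrite set-cookie headers (or remove if cookies disabled).
     if (isset($headers['Set-Cookie'])) {
         if (!Conf::$cookies_enabled) {
             unset($headers['Set-Cookie']);
         } elseif (is_array($headers['Set-Cookie'])) {
             // Assign by key instead of iterating by reference, so no reference
             // to the last element is left behind after the loop.
             foreach ($headers['Set-Cookie'] as $index => $set_cookie) {
                 $headers['Set-Cookie'][$index] = $this->getFilteredSetCookie($set_cookie);
             }
         } else {
             $headers['Set-Cookie'] = $this->getFilteredSetCookie($headers['Set-Cookie']);
         }
     }

     // Unset some. unset() on a missing key is a no-op, so no isset() guard is needed.
     foreach (array('Connection', 'Content-Encoding', 'Transfer-Encoding', 'X-Original-Content-Encoding') as $name) {
         unset($headers[$name]);
     }

     Log::add($headers, 'headers filtered');
     return $headers;
 }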
<?php

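// Serves a QR-code PNG for the APK download URL, fetched from a third-party
// chart service and relayed to the client.
// NOTE(review): the APK URL, which is built from this site's base URL, is sent
// to that service in the query string. Confirm that disclosing it to a third
// party is acceptable, and that the endpoint is still operated.
$apk_url = RedirectWhenBlockedFull::getBaseUrl() . '?' . RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME . '=' . Conf::OUTPUT_TYPE_APK;
$url = 'https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=' . urlencode($apk_url) . '&choe=UTF-8';

$response = false;
$status = 0;
$ch = curl_init($url);
if ($ch !== false) {
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    // Bound how long a slow or unreachable upstream can hold this request open.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    // The URL is HTTPS; refuse any other protocol for this transfer.
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
    $response = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
}

// Relay the body only if it is a successful response that starts with the PNG
// signature. Otherwise an upstream error page would be labelled image/png and
// cached for up to a week by the header below.
$is_png = is_string($response) && strncmp($response, "\x89PNG\r\n\x1a\n", 8) === 0;
if ($status === 200 && $is_png) {
    header('Cache-Control: ' . getCacheControlHeader(60 * 60 * 24, 60 * 60 * 24 * 7, 60 * 60 * 24 * 7));
    header('Content-Type: image/png');
    print $response;
} else {
    // Report the upstream failure instead of an empty success response.
    header('HTTP/1.1 502 Bad Gateway');
}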
<?php

require 'main.inc';
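// Default cache.
// Will be overwritten by the message below if it has its own Cache-Control header.
// Send this early, to prevent caching error pages for longer than the duration.
header('Cache-Control: ' . getCacheControlHeader(Conf::$default_cache_control_max_age, Conf::$default_cache_control_stale_while_revalidate, Conf::$default_cache_control_stale_if_error));

// Make sure these security headers are included in all responses.
$required_security_headers['X-Content-Type-Options'] = 'nosniff';
$required_security_headers['X-Download-Options'] = 'noopen';
// NOTE(review): X-XSS-Protection only drives the legacy XSS filter that current
// browsers no longer ship, and that filter has had problems of its own; a
// Content-Security-Policy is the usual replacement. Value kept as the author set it.
$required_security_headers['X-XSS-Protection'] = '1; mode=block';
// HSTS disabled for now.
// $required_security_headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubdomains';
foreach ($required_security_headers as $key => $value) {
    header($key . ': ' . $value);
}

// Log the request environment with credentials masked. $_SERVER carries the
// Cookie and Authorization request headers, and the query string carries the
// `key` parameter that is checked against Conf::$alt_base_urls_key further down,
// so a raw dump would put all of them into the log.
// NOTE(review): that check compares with `==`; hash_equals() on an
// is_string()-checked value avoids type juggling and timing differences.
$server_for_log = $_SERVER;
foreach (array('HTTP_COOKIE', 'HTTP_AUTHORIZATION', 'PHP_AUTH_PW') as $log_sensitive_name) {
    if (isset($server_for_log[$log_sensitive_name])) {
        $server_for_log[$log_sensitive_name] = '[redacted]';
    }
}
foreach ($server_for_log as $log_entry_name => $log_entry_value) {
    // Only string entries are scanned; nested arrays are logged as they are.
    if (is_string($log_entry_value)) {
        $log_entry_masked = preg_replace('/(^|[?&])key=[^&#\s]*/', '$1key=[redacted]', $log_entry_value);
        if ($log_entry_masked !== null) {
            $server_for_log[$log_entry_name] = $log_entry_masked;
        }
    }
}
Log::add($server_for_log, '$_SERVER');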
if (isset($_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME])) {
    // Key cannot be empty.
    if (Conf::$alt_base_urls_key) {
        // Verify key. Set this in conf-local.inc.
        if (isset($_GET['key']) && $_GET['key'] == Conf::$alt_base_urls_key) {
            if ($_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME] == Conf::OUTPUT_TYPE_ALT_BASE_URLS) {
                header('Content-Type: application/javascript');
                print json_encode(RedirectWhenBlockedFull::getAltBaseUrls());
                exit;
            }
            if ($_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME] == Conf::OUTPUT_TYPE_APK_URLS) {
                header('Content-Type: application/javascript');
                $urls = array();
                foreach (RedirectWhenBlockedFull::getAltBaseUrls() as $url) {