(Object request, Object response)
| 130 | * |
| 131 | */ |
| 132 | protected void doGetAbst(Object request, Object response) throws IOException |
| 133 | { |
| 134 | String respBody = ""; |
| 135 | |
| 136 | try |
| 137 | { |
| 138 | String qs = getQueryString(request); |
| 139 | String ref = getHeader("referer", request); |
| 140 | // Default a missing Referer to "" so it simply fails the domain match below; avoids an extra null branch for SC_FORBIDDEN |
| 141 | ref = ref == null ? "" : ref; |
| 142 | boolean stats = qs != null && qs.equals("stats"); |
| 143 | boolean alive = qs != null && qs.equals("alive"); |
| 144 | |
| 145 | String domain = ref.toLowerCase().matches( |
| 146 | "^https?://([a-z0-9,-]+[.])*draw[.]io/.*") ? ".draw.io/" |
| 147 | : null; |
| 148 | domain = (domain == null) ? (ref.toLowerCase() |
| 149 | .matches("^https?://([a-z0-9,-]+[.])*diagrams[.]net/.*") |
| 150 | ? ".diagrams.net/" |
| 151 | : null) |
| 152 | : domain; |
| 153 | |
| 154 | if (stats || alive || domain != null) |
| 155 | { |
| 156 | if (stats) |
| 157 | { |
| 158 | setHeader("Content-Type", "text/plain", response); |
| 159 | respBody = CacheFacade.getStatistics(); |
| 160 | setStatus(HttpServletResponse.SC_OK, response); |
| 161 | } |
| 162 | else |
| 163 | { |
| 164 | setHeader("Access-Control-Allow-Origin", |
| 165 | ref.toLowerCase().substring(0, |
| 166 | ref.indexOf(domain) + domain.length() - 1), response); |
| 167 | |
| 168 | if (alive) |
| 169 | { |
| 170 | respBody = "<ok/>\n"; |
| 171 | setStatus(HttpServletResponse.SC_OK, response); |
| 172 | } |
| 173 | else |
| 174 | { |
| 175 | // Disables wire-compression |
| 176 | setHeader("Content-Type", "application/octet-stream", response); |
| 177 | String id = getParameter("id", request); |
| 178 | String from = getParameter("from", request); |
| 179 | String to = getParameter("to", request); |
| 180 | String secret = getParameter("secret", request); |
| 181 | |
| 182 | if (id != null) |
| 183 | { |
| 184 | try |
| 185 | { |
| 186 | if (secret != null |
| 187 | && (from == null || to == null)) |
| 188 | { |
| 189 | respBody = createToken(id, secret); |