Annotation of loncom/interface/lonexturlcheck.pm, revision 1.1
1.1 ! raeburn 1: # The LearningOnline Network with CAPA
! 2: # Handler to check if external resource can be shown in iframe
! 3: #
! 4: # $Id: lonexturlcheck,v 1.1 2019/05/01 18:25:28 raeburn Exp $
! 5: #
! 6: # Copyright Michigan State University Board of Trustees
! 7: #
! 8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
! 9: #
! 10: # LON-CAPA is free software; you can redistribute it and/or modify
! 11: # it under the terms of the GNU General Public License as published by
! 12: # the Free Software Foundation; either version 2 of the License, or
! 13: # (at your option) any later version.
! 14: #
! 15: # LON-CAPA is distributed in the hope that it will be useful,
! 16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
! 17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 18: # GNU General Public License for more details.
! 19: #
! 20: # You should have received a copy of the GNU General Public License
! 21: # along with LON-CAPA; if not, write to the Free Software
! 22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
! 23: #
! 24: # /home/httpd/html/adm/gpl.txt
! 25: #
! 26: # http://www.lon-capa.org/
! 27: #
! 28: #
! 29: ###############################################################
! 30: ###############################################################
! 31:
! 32: =pod
! 33:
! 34: =head1 NAME
! 35:
! 36: Apache::lonexturlcheck - External Resource URL checker
! 37:
! 38: =head1 SYNOPSIS
! 39:
! 40: Called in course context by course personnel either with the course editing
! 41: privilege or with view-only access to course editing tools.
! 42:
! 43: Query string contains one item: name=exturl, value=URL of external resource
! 44: (format: http://hostname/path or https://hostname/path).
! 45:
! 46: The resource URL is sent to &loncommon::is_nonframeable() to check whether
! 47: it can be displayed in an iframe in a page served by the current host.
! 48:
! 49: =head1 OVERVIEW
! 50:
! 51: Input: external resource URL (from query string passed to /adm/exturlcheck).
! 52:
! 53: Hostname, lonHostID, and IP address for this node are retrieved from Apache.
! 54:
! 55: Dependencies: calls &loncommon::is_nonframeable() to check if server where
! 56: external resource is hosted is configured with a Content-Security-Policy or
! 57: with X-Frame-Options settings which prohibit display of the resource within
! 58: an iframe in a LON-CAPA page served from this node.
! 59:
! 60: Output to print buffer: (content-type: text/plain): 1, 0, -1 or empty string.
! 61: '' -- display in iframe is allowed
! 62: 1 -- display in iframe not allowed
! 63: 0 -- invalid URL
! 64: -1 -- could not verify course editing privilege or view-only access to
! 65: course editing tools
! 66:
! 67: HTTP Return codes:
! 68: 406 -- if user is not in a course
! 69: 200 -- otherwise
! 70:
! 71: =cut
! 72:
! 73: package Apache::lonexturlcheck;
! 74:
! 75: use strict;
! 76: use Apache::Constants qw(:common :http);
! 77: use Apache::lonnet;
! 78: use Apache::loncommon;
! 79: use LONCAPA::LWPReq;
! 80: use HTTP::Request;
! 81:
# Apache handler: reports whether the external URL given in the 'exturl'
# query-string item may be shown in an iframe on a page served by this node.
#
# Argument: $r - the Apache request object.
#
# Returns OK after printing one of '', 1, 0 or -1 as text/plain (see the POD
# for their meaning), or HTTP_NOT_ACCEPTABLE when the user is not in a
# course.  A header-only request gets headers and OK with no further checks.
sub handler {
    my ($r) = @_;

    # Header-only requests are answered before any course or privilege check.
    # NOTE(review): this branch announces text/html while the normal response
    # is text/plain -- confirm that is intended.
    if ($r->header_only) {
        &Apache::loncommon::content_type($r,'text/html');
        $r->send_http_header;
        return OK;
    }

    # Not in a course.
    # NOTE(review): the path in this message (/adm/lonexturlcheck) differs
    # from the /adm/exturlcheck named in the POD -- confirm which is right.
    unless ($env{'request.course.fn'}) {
        $env{'user.error.msg'}="/adm/lonexturlcheck:bre:0:0:Not in a course";
        return HTTP_NOT_ACCEPTABLE;
    }

    # From here on every outcome is reported in the body with a 200 status,
    # including the "not authorized" case (-1).
    &Apache::loncommon::content_type($r,'text/plain');
    $r->send_http_header;

    # Caller needs 'mdc' or 'cev' in the current course; presumably these are
    # the course-editing and view-only privileges the POD describes.
    my $cid = $env{'request.course.id'};
    my $may_check = $cid
        && (&Apache::lonnet::allowed('mdc',$cid)
            || &Apache::lonnet::allowed('cev',$cid));
    unless ($may_check) {
        $r->print(-1);
        return OK;
    }

    # exturl arrives from the query string and is untrusted input.
    &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['exturl']);

    # The pattern only requires an http:// or https:// prefix followed by at
    # least one non-slash character; host, port, userinfo and everything
    # after that prefix pass through unchecked.
    unless ($env{'form.exturl'} =~ m{^https?\://[^/]+}) {
        $r->print(0);
        return OK;
    }

    my $hostname = $r->hostname();
    my $lonhost = $r->dir_config('lonHostID');
    my $ip = &Apache::lonnet::get_host_ip($lonhost);

    # NOTE(review): per the POD, is_nonframeable() inspects the remote
    # server's Content-Security-Policy / X-Frame-Options, so it presumably
    # issues a request from this node to the host named in exturl.  If so,
    # any destination restrictions (internal or loopback addresses, ports,
    # redirects, timeouts) have to be enforced there, since none are applied
    # here -- confirm against that helper.
    $r->print(&Apache::loncommon::is_nonframeable($env{'form.exturl'},'',$hostname,$ip));
    return OK;
}
! 114:
! 115: 1;