From 462c1e208f02e4977c7e96c0f5936987931d5bc1 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 30 Jul 2016 23:37:13 +0200 Subject: PSHB: work-around for SuperFeeder Feeds using SuperFeeder for PubSubHubbub push had timeout problems during substription. SuperFeeder bot was returning 422 "We could not verify your callback Error: ETIMEDOUT" It seems to be due to the the fact that SuperFeeder bot uses keep-alive but expects the server to close the connection. https://github.com/FreshRSS/FreshRSS/issues/312#issuecomment-73716936 --- p/api/pshb.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'p/api/pshb.php') diff --git a/p/api/pshb.php b/p/api/pshb.php index 7de4cc1a2..136b98fc9 100644 --- a/p/api/pshb.php +++ b/p/api/pshb.php @@ -65,11 +65,13 @@ if (!empty($_REQUEST['hub_mode']) && $_REQUEST['hub_mode'] === 'subscribe') { $hubJson['error'] = true; //Do not assume that PubSubHubbub works until the first successul push } file_put_contents('./!hub.json', json_encode($hubJson)); + header('Connection: close'); exit(isset($_REQUEST['hub_challenge']) ? $_REQUEST['hub_challenge'] : ''); } if (!empty($_REQUEST['hub_mode']) && $_REQUEST['hub_mode'] === 'unsubscribe') { if (empty($hubJson['lease_end']) || $hubJson['lease_end'] < time()) { + header('Connection: close'); exit(isset($_REQUEST['hub_challenge']) ? $_REQUEST['hub_challenge'] : ''); } else { header('HTTP/1.1 422 Unprocessable Entity'); -- cgit v1.2.3 From 1a53058ef0887df6dfb91ae269ef76ee5d3f9a31 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 29 Aug 2016 09:44:18 +0200 Subject: HTTP security: prevent reflection abuse https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx --- p/api/pshb.php | 1 + 1 file changed, 1 insertion(+) (limited to 'p/api/pshb.php') diff --git a/p/api/pshb.php b/p/api/pshb.php index 136b98fc9..650767114 100644 --- a/p/api/pshb.php +++ b/p/api/pshb.php 
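Review bot: In the first patch (PSHB work-around), the unsubscribe `else` branch that answers `HTTP/1.1 422 Unprocessable Entity` gets no `Connection: close`, so a hub that waits for the server to close the connection would presumably still time out when an unsubscribe is refused; only the two `exit(...)` paths are covered, and that branch continues outside the hunk. Adding the same `header('Connection: close');` next to the 422 header would make the three verification responses consistent. The added lines also carry no comment, so the reason lives only in the commit message; something like `header('Connection: close');	//SuperFeeder uses keep-alive but expects the server to close the connection (issue #312)` would keep the work-around from being removed later. Separately, `hub_challenge` is echoed straight from `$_REQUEST`, which can include POST (and, depending on `request_order`, cookie) values; if hubs only ever verify by GET, reading it from `$_GET` would narrow the reflected input to the query string.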
@@ -5,6 +5,7 @@ require(LIB_PATH . '/lib_rss.php'); //Includes class autoloader define('MAX_PAYLOAD', 3145728); header('Content-Type: text/plain; charset=UTF-8'); +header('X-Content-Type-Options: nosniff'); function logMe($text) { file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); -- cgit v1.2.3
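Review bot: The new `header('X-Content-Type-Options: nosniff');` line has no comment saying what it protects, and the reason is only a link in the commit message. This endpoint reflects request data in its body (the `hub_challenge` echo in the subscribe/unsubscribe branches shown in the other patch on this page), so the header keeps browsers that honour it from sniffing the `text/plain` response as HTML; a comment such as `//Body can echo hub_challenge from the request: forbid MIME sniffing of text/plain` would record that. Because the header only helps in browsers that implement it, restricting `hub_challenge` to an expected character set and length before echoing it would be a useful second layer. `logMe()`'s body continues outside the hunk.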