@url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE}
checks.
+@item And there is insanity of downloading fonts.
+ Why the hell people just do not send PostScript documents instead!?
+
@end itemize
That is why I wrote @command{tofuproxy} -- pure Go HTTP proxy, MitMing
@item TLS client certificates usage capability.
-@item Web fonts download restriction.
-
@end itemize
w.Write([]byte(err.Error()))
return
}
+ contentType := resp.Header.Get("Content-Type")
+ switch contentType {
+ case "application/font-woff", "application/font-sfnt":
+ // Those are deprecated types
+ fallthrough
+ case "font/otf", "font/ttf", "font/woff", "font/woff2":
+ http.NotFound(w, req)
+ sinkOther <- fmt.Sprintf(
+ "%s %s\t%d\tfonts are not allowed",
+ req.Method,
+ req.URL.String(),
+ http.StatusNotFound,
+ )
+ resp.Body.Close()
+ return
+ }
for k, vs := range resp.Header {
if k == "Location" || k == "Content-Type" || k == "Content-Length" {
continue