fixing whitelist handling

This commit is contained in:
Anis Kadri 2012-01-13 17:29:46 -08:00
parent 8db5e06c62
commit 64c462c8ad

View File

@ -1904,24 +1904,24 @@ public class DroidGap extends PhonegapActivity {
// Unlimited access to network resources
if(origin.compareTo("*") == 0) {
LOG.d(TAG, "Unlimited access to network resources");
whiteList.add(Pattern.compile("*"));
whiteList.add(Pattern.compile(".*"));
} else { // specific access
// check if subdomains should be included
// TODO: we should not add more domains if * has already been added
if (subdomains) {
// XXX making it stupid friendly for people who forget to include protocol/SSL
if(origin.startsWith("http")) {
whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://.*")));
whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://(.*\\.)?")));
} else {
whiteList.add(Pattern.compile("^https{0,1}://.*"+origin));
whiteList.add(Pattern.compile("^https?://(.*\\.)?"+origin));
}
LOG.d(TAG, "Origin to allow with subdomains: %s", origin);
} else {
// XXX making it stupid friendly for people who forget to include protocol/SSL
if(origin.startsWith("http")) {
whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://")));
whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://")));
} else {
whiteList.add(Pattern.compile("^https{0,1}://"+origin));
whiteList.add(Pattern.compile("^https?://"+origin));
}
LOG.d(TAG, "Origin to allow: %s", origin);
}