mirror of
https://github.com/apache/cordova-android.git
synced 2025-01-31 17:32:51 +08:00
fixing whitelist handling
This commit is contained in:
parent
8db5e06c62
commit
64c462c8ad
@ -1904,24 +1904,24 @@ public class DroidGap extends PhonegapActivity {
|
||||
// Unlimited access to network resources
|
||||
if(origin.compareTo("*") == 0) {
|
||||
LOG.d(TAG, "Unlimited access to network resources");
|
||||
whiteList.add(Pattern.compile("*"));
|
||||
whiteList.add(Pattern.compile(".*"));
|
||||
} else { // specific access
|
||||
// check if subdomains should be included
|
||||
// TODO: we should not add more domains if * has already been added
|
||||
if (subdomains) {
|
||||
// XXX making it stupid friendly for people who forget to include protocol/SSL
|
||||
if(origin.startsWith("http")) {
|
||||
whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://.*")));
|
||||
whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://(.*\\.)?")));
|
||||
} else {
|
||||
whiteList.add(Pattern.compile("^https{0,1}://.*"+origin));
|
||||
whiteList.add(Pattern.compile("^https?://(.*\\.)?"+origin));
|
||||
}
|
||||
LOG.d(TAG, "Origin to allow with subdomains: %s", origin);
|
||||
} else {
|
||||
// XXX making it stupid friendly for people who forget to include protocol/SSL
|
||||
if(origin.startsWith("http")) {
|
||||
whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://")));
|
||||
whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://")));
|
||||
} else {
|
||||
whiteList.add(Pattern.compile("^https{0,1}://"+origin));
|
||||
whiteList.add(Pattern.compile("^https?://"+origin));
|
||||
}
|
||||
LOG.d(TAG, "Origin to allow: %s", origin);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user