github/cordova-android
github/cordova-android
3
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2025-02-01 01:53:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #275 from imhotep/master

Browse Source 
Improved whitelisting
This commit is contained in:
hardeep 2011-10-20 16:18:42 -07:00
commit 996791696b
2 changed files with 30 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
framework/res/xml/phonegap.xml Executable file → Normal file
View File

34
framework/src/com/phonegap/DroidGap.java
View File

@ -1665,13 +1665,35 @@ public class DroidGap extends PhonegapActivity {
* @param subdomains T=include all subdomains under origin * @param subdomains T=include all subdomains under origin
*/ */
public void addWhiteListEntry(String origin, boolean subdomains) { public void addWhiteListEntry(String origin, boolean subdomains) {
if (subdomains) { try {
LOG.d(TAG, "Origin to allow with subdomains: %s", origin); // Unlimited access to network resources
whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://.*"))); if(origin.compareTo("*") == 0) {
} else { LOG.d(TAG, "Unlimited access to network resources");
LOG.d(TAG, "Origin to allow: %s", origin); whiteList.add(Pattern.compile("*"));
whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://"))); } else { // specific access
// check if subdomains should be included
// TODO: we should not add more domains if * has already been added
if (subdomains) {
// XXX making it stupid friendly for people who forget to include protocol/SSL
if(origin.startsWith("http")) {
whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://.*")));
} else {
whiteList.add(Pattern.compile("^https{0,1}://.*"+origin));
}
LOG.d(TAG, "Origin to allow with subdomains: %s", origin);
} else {
// XXX making it stupid friendly for people who forget to include protocol/SSL
if(origin.startsWith("http")) {
whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://")));
} else {
whiteList.add(Pattern.compile("^https{0,1}://"+origin));
}
LOG.d(TAG, "Origin to allow: %s", origin);
}
} }
} catch(Exception e) {
LOG.d(TAG, "Failed to add origin %s", origin);
}
} }
/** /**