cordova-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From i..@apache.org
Subject [4/9] ios commit: Defer whitelist decisions to plugins
Date Thu, 26 Mar 2015 17:52:37 GMT
Defer whitelist decisions to plugins


Project: http://git-wip-us.apache.org/repos/asf/cordova-ios/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-ios/commit/1e8ae646
Tree: http://git-wip-us.apache.org/repos/asf/cordova-ios/tree/1e8ae646
Diff: http://git-wip-us.apache.org/repos/asf/cordova-ios/diff/1e8ae646

Branch: refs/heads/4.0.x
Commit: 1e8ae6462a5632efc6caecfecc4c8a6d06c069fc
Parents: c52e7ec
Author: Ian Clelland <iclelland@chromium.org>
Authored: Mon Oct 27 10:59:40 2014 -0400
Committer: Ian Clelland <iclelland@chromium.org>
Committed: Thu Mar 19 11:06:30 2015 -0400

----------------------------------------------------------------------
 .../Classes/Public/CDVCommandDelegateImpl.m     |  3 +-
 CordovaLib/Classes/Public/CDVURLProtocol.m      | 10 ++-
 CordovaLib/Classes/Public/CDVViewController.h   |  2 +-
 CordovaLib/Classes/Public/CDVViewController.m   | 65 ++++++++++----------
 4 files changed, 37 insertions(+), 43 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/1e8ae646/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m b/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m
index d4df6c3..629d8e8 100644
--- a/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m
+++ b/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m
@@ -175,8 +175,7 @@
 
 - (BOOL)URLIsWhitelisted:(NSURL*)url
 {
-    return ![_viewController.whitelist schemeIsAllowed:[url scheme]] ||
-           [_viewController.whitelist URLIsAllowed:url logFailure:NO];
+    return [_viewController shouldAllowNavigationToURL:url];
 }
 
 - (NSDictionary*)settings

http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/1e8ae646/CordovaLib/Classes/Public/CDVURLProtocol.m
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/Public/CDVURLProtocol.m b/CordovaLib/Classes/Public/CDVURLProtocol.m
index fce5783..a7a38cd 100644
--- a/CordovaLib/Classes/Public/CDVURLProtocol.m
+++ b/CordovaLib/Classes/Public/CDVURLProtocol.m
@@ -131,12 +131,10 @@ static CDVViewController *viewControllerForRequest(NSURLRequest* request)
             // For this reason, we return NO when cmds exist.
             return !hasCmds;
         }
-        // we only care about http and https connections.
-        // CORS takes care of http: trying to access file: URLs.
-        if ([gWhitelist schemeIsAllowed:[theUrl scheme]]) {
-            // if it FAILS the whitelist, we return TRUE, so we can fail the connection later
-            return ![gWhitelist URLIsAllowed:theUrl];
-        }
+        // Returning YES here means that the request will be handled below, by startLoading,
which will
+        // override the network layer and return a 401 instead. Returning NO means that the
network layer
+        // will perform as ususal, and the request will be proceed.
+        return ![viewController shouldAllowRequestForURL:theUrl];
     }
 
     return NO;

http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/1e8ae646/CordovaLib/Classes/Public/CDVViewController.h
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/Public/CDVViewController.h b/CordovaLib/Classes/Public/CDVViewController.h
index 693b1e8..f654d6c 100644
--- a/CordovaLib/Classes/Public/CDVViewController.h
+++ b/CordovaLib/Classes/Public/CDVViewController.h
@@ -82,7 +82,7 @@
 - (void)registerPlugin:(CDVPlugin*)plugin withClassName:(NSString*)className;
 - (void)registerPlugin:(CDVPlugin*)plugin withPluginName:(NSString*)pluginName;
 
-- (BOOL)URLisAllowed:(NSURL*)url;
+- (BOOL)URLisAllowed:(NSURL*)url __attribute__((deprecated));
 - (BOOL)shouldAllowRequestForURL:(NSURL *)url;
 - (BOOL)shouldAllowNavigationToURL:(NSURL *)url;
 - (BOOL)shouldOpenExternalURL:(NSURL *)url;

http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/1e8ae646/CordovaLib/Classes/Public/CDVViewController.m
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/Public/CDVViewController.m b/CordovaLib/Classes/Public/CDVViewController.m
index aeade66..7247200 100644
--- a/CordovaLib/Classes/Public/CDVViewController.m
+++ b/CordovaLib/Classes/Public/CDVViewController.m
@@ -156,11 +156,7 @@
 
 - (BOOL)URLisAllowed:(NSURL*)url
 {
-    if (self.whitelist == nil) {
-        return YES;
-    }
-
-    return [self.whitelist URLIsAllowed:url];
+    return [self shouldAllowNavigationToURL:url];
 }
 
 - (void)parseSettingsWithParser:(NSObject<NSXMLParserDelegate> *)delegate
@@ -629,24 +625,44 @@
     }
 
     /*
-     * If a URL is being loaded that's a file/http/https URL, just load it internally
+     *    If we loaded the HTML from a string, we let the app handle it
      */
-    if ([url isFileURL]) {
+    if (self.loadFromString == YES) {
+        self.loadFromString = NO;
         return YES;
     }
 
     /*
-     *    If we loaded the HTML from a string, we let the app handle it
+     * Handle all other types of urls (tel:, sms:), and requests to load a url in the main
webview.
      */
-    else if (self.loadFromString == YES) {
-        self.loadFromString = NO;
+    BOOL shouldAllowNavigation = [self shouldAllowNavigationToURL:url];
+    if (shouldAllowNavigation) {
         return YES;
+    } else {
+        BOOL shouldOpenExternalURL = [self shouldOpenExternalURL:url];
+        if (shouldOpenExternalURL) {
+            if ([[UIApplication sharedApplication] canOpenURL:url]) {
+                [[UIApplication sharedApplication] openURL:url];
+            } else { // handle any custom schemes to plugins
+                [[NSNotificationCenter defaultCenter] postNotification:[NSNotification notificationWithName:CDVPluginHandleOpenURLNotification
object:url]];
+            }
+        }
     }
 
+    return NO;
+}
+
+#pragma mark Network Policy Plugin (Whitelist) hooks
+
+/* This implements the default policy for resource loading and navigation, if there
+ * are no plugins installed which override the whitelist methods.
+ */
+- (BOOL)defaultResourcePolicyForURL:(NSURL *)url
+{
     /*
-     * all tel: scheme urls we let the UIWebview handle it using the default behavior
+     * If a URL is being loaded that's a file/http/https URL, just load it internally
      */
-    else if ([[url scheme] isEqualToString:@"tel"]) {
+    if ([url isFileURL]) {
         return YES;
     }
 
@@ -664,28 +680,9 @@
         return YES;
     }
 
-    /*
-     * Handle all other types of urls (tel:, sms:), and requests to load a url in the main
webview.
-     */
-    else {
-        if ([self.whitelist schemeIsAllowed:[url scheme]]) {
-            return [self.whitelist URLIsAllowed:url];
-        } else {
-            if ([[UIApplication sharedApplication] canOpenURL:url]) {
-                [[UIApplication sharedApplication] openURL:url];
-            } else { // handle any custom schemes to plugins
-                [[NSNotificationCenter defaultCenter] postNotification:[NSNotification notificationWithName:CDVPluginHandleOpenURLNotification
object:url]];
-            }
-        }
-
-        return NO;
-    }
-
-    return YES;
+    return NO;
 }
 
-#pragma mark Network Policy Plugin (Whitelist) hooks
-
 - (BOOL)shouldAllowRequestForURL:(NSURL *)url
 {
     BOOL anyPluginsResponded = NO;
@@ -706,7 +703,7 @@
     }
 
     /* Default Policy */
-    return NO;
+    return [self defaultResourcePolicyForURL:url];
 }
 
 
@@ -730,7 +727,7 @@
     }
 
     /* Default Policy */
-    return NO;
+    return [self defaultResourcePolicyForURL:url];
 }
 
 - (BOOL)shouldOpenExternalURL:(NSURL *)url


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org


Mime
View raw message