incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shazron <shaz...@gmail.com>
Subject Re: white-listing File Transfer on iOS and bug CB-1600
Date Tue, 09 Oct 2012 19:40:46 GMT
> There's some interesting code and comments here:
>
>
> https://github.com/apache/incubator-cordova-ios/blob/master/CordovaLib/Classes/CDVURLProtocol.m#L105
>
> Note the comment a few lines down:
>
>       // if it FAILS the whitelist, we return TRUE, so we can fail the
> connection later
>
> Um, WHO fails the connection later?  Can't quite figure out that puzzle.

We fail it here:
https://github.com/apache/incubator-cordova-ios/blob/master/CordovaLib/Classes/CDVURLProtocol.m#L127
Returning NO in line #105 does not fail it, it would actually make the
connection pass. So we return YES to fail it later.

>  As the comments before it indicate, I'm getting [canInitWithRequest]
> invoked 3 times per failed whitelist request, and then the code blindly
> continues processing the file download.  At some point, it fails, as
> [CDVFileTransfer connection:didReceiveResponse:] is getting sent an
> NSURLResponse and not a NSHTTPURLResponse, and the trap involves an invalid
> casting of the NSURLResponse to a NSHTTPURLResponse.
>
> (as a general cleanliness measure, perhaps we should always do isKindOf: or
> whatever tests before casting?)

yup, we should do a isKindOfClass: check here

> === questions ===
>
> - can we just do the white-list check FIRST, before even starting the file
> transfer?  That way we never get into this mess.

We can't - see my previous comment on how NSURLProtocol works.

>
> - maybe that doesn't work - do these NSURLConnections silently handle
> redirects, and then end up potentially failing in the white-list there?

Not sure, I think there might be delegate functions for this:
http://stackoverflow.com/questions/1446509/handling-redirects-correctly-with-nsurlconnection

> - I think we can check for white-list failure in
> the [CDVFileTransfer connection:didReceiveResponse:] method with an
> isKindOf: or whatever check, but I'm not sure if there's any other cleanup
> that needs to take place here.
>
> --
> Patrick Mueller
> http://muellerware.org

Mime
View raw message