Posted to dev@cordova.apache.org by "Shazron Abdullah (JIRA)" <ji...@apache.org> on 2012/09/12 08:11:07 UTC

[jira] [Created] (CB-1412) iOS Whitelist is never used, all urls will pass the whitelist

Shazron Abdullah created CB-1412:
------------------------------------

             Summary: iOS Whitelist is never used, all urls will pass the whitelist
                 Key: CB-1412
                 URL: https://issues.apache.org/jira/browse/CB-1412
             Project: Apache Cordova
          Issue Type: Bug
          Components: iOS
    Affects Versions: 2.1.0
            Reporter: Shazron Abdullah
            Assignee: Shazron Abdullah
            Priority: Blocker
             Fix For: 2.1.0


The line here: https://github.com/apache/incubator-cordova-ios/blob/fdf8043414e39914ffc29b682779a10fe1c147e7/CordovaLib/Classes/CDVURLProtocol.m#L87

... the whitelist object is nil, which will return false for the condition, allowing the bypass.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
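
The failure mode reported above, as an added Objective-C example (not Cordova's code and not part of the original message): a message sent to a nil object returns NO, so a guard built on it fails open. `DemoWhitelist`, `schemeIsHandled:` and the two `shouldIntercept...` functions are hypothetical names, and the shape of the guard is an assumption rather than a copy of the linked line.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical stand-in for a whitelist class; not Cordova's implementation.
@interface DemoWhitelist : NSObject
@property (nonatomic, copy) NSSet *hosts;
- (BOOL)schemeIsHandled:(NSString *)scheme;
- (BOOL)URLIsAllowed:(NSURL *)url;
@end

@implementation DemoWhitelist
- (BOOL)schemeIsHandled:(NSString *)scheme {
    return scheme != nil && [@[@"http", @"https"] containsObject:scheme.lowercaseString];
}
- (BOOL)URLIsAllowed:(NSURL *)url {
    return url.host != nil && [self.hosts containsObject:url.host.lowercaseString];
}
@end

// Fail-open shape: a message to nil returns NO, so with a nil whitelist the
// guard is false and the function reports "do not intercept" for every URL.
static BOOL shouldInterceptFailOpen(DemoWhitelist *wl, NSURL *url) {
    if ([wl schemeIsHandled:url.scheme]) {
        return ![wl URLIsAllowed:url];
    }
    return NO;
}

// Fail-closed shape: a missing whitelist is treated as "reject everything".
static BOOL shouldInterceptFailClosed(DemoWhitelist *wl, NSURL *url) {
    if (wl == nil) {
        return YES;
    }
    return [wl schemeIsHandled:url.scheme] ? ![wl URLIsAllowed:url] : NO;
}

int main(void) {
    @autoreleasepool {
        NSURL *url = [NSURL URLWithString:@"https://unlisted.example/"]; // constructed sample
        DemoWhitelist *missing = nil;
        DemoWhitelist *real = [DemoWhitelist new];
        real.hosts = [NSSet setWithObject:@"app.example"];
        // Negative check: an unlisted URL should be intercepted in every configuration.
        NSLog(@"nil whitelist, fail-open:   %d", shouldInterceptFailOpen(missing, url));
        NSLog(@"nil whitelist, fail-closed: %d", shouldInterceptFailClosed(missing, url));
        NSLog(@"configured whitelist:       %d", shouldInterceptFailOpen(real, url));
    }
    return 0;
}
```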

[jira] [Commented] (CB-1412) iOS Whitelist is never used, all urls will pass the whitelist

Posted by "Andrew Grieve (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CB-1412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453969#comment-13453969 ] 

Andrew Grieve commented on CB-1412:
-----------------------------------

Whoops, nice catch. Was this caught by a mobile-spec test?

I don't think the note in there about using the vc header to distinguish webviews will work. That header exists only when it is set explicitly by the exec() xhr. Maybe we could use the referrer header. Not sure.
                

[jira] [Commented] (CB-1412) iOS Whitelist is never used, all urls will pass the whitelist

Posted by "Shazron Abdullah (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CB-1412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13454329#comment-13454329 ] 

Shazron Abdullah commented on CB-1412:
--------------------------------------

InAppBrowser - http://wiki.apache.org/cordova/InAppBrowser
                

[jira] [Commented] (CB-1412) iOS Whitelist is never used, all urls will pass the whitelist

Posted by "Shazron Abdullah (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/CB-1412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13454327#comment-13454327 ] 

Shazron Abdullah commented on CB-1412:
--------------------------------------

Yup, usually I let it run mobile-spec first in a new project _without_ adding the exceptions in the whitelist for the tests, and there should be failed tests - in this case, all tests passed which flagged me to the problem.

Oh, I was thinking about the InAppBrowser feature that we need to implement (which is ChildBrowser). I mentioned the approach in one of the ML threads so I thought we can use the xhr bridge method as well. 

I was thinking that in the webView:shouldStartLoadWithRequest UIWebView delegate method we can inject the right header in the NSMutableRequest, but upon thinking about it some more, I forgot about xhrs and resource loading; those won't be caught by the delegate. I don't know of a method at this moment that we can "tag" a request with (what viewcontroller/uiwebview it came from) to use the appropriate whitelist.

We want to use separate whitelists because an InAppBrowser might have different requirements than the app itself - right now it has to share the app's whitelist. 
                

[jira] [Resolved] (CB-1412) iOS Whitelist is never used, all urls will pass the whitelist

Posted by "Shazron Abdullah (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/CB-1412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shazron Abdullah resolved CB-1412.
----------------------------------

    Resolution: Fixed

Fix commit - http://git-wip-us.apache.org/repos/asf/incubator-cordova-ios/commit/8e2825b7
                