You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by zh...@apache.org on 2010/09/04 02:02:33 UTC
svn commit: r992511 -
/shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js
Author: zhoresh
Date: Sat Sep 4 00:02:33 2010
New Revision: 992511
URL: http://svn.apache.org/viewvc?rev=992511&view=rev
Log:
Issue: http://codereview.appspot.com/2118045/
Add flag to enable/disable extra relay checking
Modified:
shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js
Modified: shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js?rev=992511&r1=992510&r2=992511&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js (original)
+++ shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js Sat Sep 4 00:02:33 2010
@@ -48,6 +48,7 @@ gadgets.rpctx.wpm = function() {
var postMessage;
var pmSync = false;
var pmEventDomain = false;
+ var isForceSecure = false;
// Some browsers (IE, Opera) have an implementation of postMessage that is
// synchronous, although HTML5 specifies that it should be asynchronous. In
@@ -85,19 +86,20 @@ gadgets.rpctx.wpm = function() {
function onmessage(packet) {
var rpc = gadgets.json.parse(packet.data);
- if (!rpc || !rpc.f) {
- return;
- }
+ if (isForceSecure) {
+ if (!rpc || !rpc.f) {
+ return;
+ }
- // for security, check origin against expected value
- var origRelay = gadgets.rpc.getRelayUrl(rpc.f) ||
- gadgets.util.getUrlParameters()["parent"];
- var origin = gadgets.rpc.getOrigin(origRelay);
- if (!pmEventDomain ? packet.origin !== origin :
- packet.domain !== /^.+:\/\/([^:]+).*/.exec( origin )[1]) {
- return;
+ // for security, check origin against expected value
+ var origRelay = gadgets.rpc.getRelayUrl(rpc.f) ||
+ gadgets.util.getUrlParameters()["parent"];
+ var origin = gadgets.rpc.getOrigin(origRelay);
+ if (!pmEventDomain ? packet.origin !== origin :
+ packet.domain !== /^.+:\/\/([^:]+).*/.exec( origin )[1]) {
+ return;
+ }
}
-
process(rpc);
}
@@ -134,11 +136,12 @@ gadgets.rpctx.wpm = function() {
return true;
},
- setup: function(receiverId, token, forcesecure) {
+ setup: function(receiverId, token, forceSecure) {
+ isForceSecure = forceSecure;
// If we're a gadget, send an ACK message to indicate to container
// that we're ready to receive messages.
if (receiverId === '..') {
- if (forcesecure) {
+ if (isForceSecure) {
gadgets.rpc._createRelayIframe(token);
} else {
gadgets.rpc.call(receiverId, gadgets.rpc.ACK);