You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by zh...@apache.org on 2010/09/04 02:02:33 UTC

svn commit: r992511 - /shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js

Author: zhoresh
Date: Sat Sep  4 00:02:33 2010
New Revision: 992511

URL: http://svn.apache.org/viewvc?rev=992511&view=rev
Log:
Issue: http://codereview.appspot.com/2118045/
Add flag to enable/disable extra relay checking

Modified:
    shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js

Modified: shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js?rev=992511&r1=992510&r2=992511&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js (original)
+++ shindig/trunk/features/src/main/javascript/features/rpc/wpm.transport.js Sat Sep  4 00:02:33 2010
@@ -48,6 +48,7 @@ gadgets.rpctx.wpm = function() {
   var postMessage;
   var pmSync = false;
   var pmEventDomain = false;
+  var isForceSecure = false;
 
   // Some browsers (IE, Opera) have an implementation of postMessage that is
   // synchronous, although HTML5 specifies that it should be asynchronous.  In
@@ -85,19 +86,20 @@ gadgets.rpctx.wpm = function() {
 
   function onmessage(packet) {
     var rpc = gadgets.json.parse(packet.data);
-    if (!rpc || !rpc.f) {
-      return;
-    }
+    if (isForceSecure) {
+      if (!rpc || !rpc.f) {
+        return;
+      }
     
-    // for security, check origin against expected value
-    var origRelay = gadgets.rpc.getRelayUrl(rpc.f) ||
-                    gadgets.util.getUrlParameters()["parent"];
-    var origin = gadgets.rpc.getOrigin(origRelay);
-    if (!pmEventDomain ? packet.origin !== origin :
-                         packet.domain !== /^.+:\/\/([^:]+).*/.exec( origin )[1]) {
-      return;
+      // for security, check origin against expected value
+      var origRelay = gadgets.rpc.getRelayUrl(rpc.f) ||
+                      gadgets.util.getUrlParameters()["parent"];
+      var origin = gadgets.rpc.getOrigin(origRelay);
+      if (!pmEventDomain ? packet.origin !== origin :
+                           packet.domain !== /^.+:\/\/([^:]+).*/.exec( origin )[1]) {
+        return;
+      }
     }
-
     process(rpc);
   }
 
@@ -134,11 +136,12 @@ gadgets.rpctx.wpm = function() {
       return true;
     },
 
-    setup: function(receiverId, token, forcesecure) {
+    setup: function(receiverId, token, forceSecure) {
+      isForceSecure = forceSecure;
       // If we're a gadget, send an ACK message to indicate to container
       // that we're ready to receive messages.
       if (receiverId === '..') {
-        if (forcesecure) {
+        if (isForceSecure) {
           gadgets.rpc._createRelayIframe(token);
         } else {
           gadgets.rpc.call(receiverId, gadgets.rpc.ACK);