You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ia...@apache.org on 2015/03/26 18:52:37 UTC
[4/9] ios commit: Defer whitelist decisions to plugins
Defer whitelist decisions to plugins
Project: http://git-wip-us.apache.org/repos/asf/cordova-ios/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-ios/commit/1e8ae646
Tree: http://git-wip-us.apache.org/repos/asf/cordova-ios/tree/1e8ae646
Diff: http://git-wip-us.apache.org/repos/asf/cordova-ios/diff/1e8ae646
Branch: refs/heads/4.0.x
Commit: 1e8ae6462a5632efc6caecfecc4c8a6d06c069fc
Parents: c52e7ec
Author: Ian Clelland <ic...@chromium.org>
Authored: Mon Oct 27 10:59:40 2014 -0400
Committer: Ian Clelland <ic...@chromium.org>
Committed: Thu Mar 19 11:06:30 2015 -0400
----------------------------------------------------------------------
.../Classes/Public/CDVCommandDelegateImpl.m | 3 +-
CordovaLib/Classes/Public/CDVURLProtocol.m | 10 ++-
CordovaLib/Classes/Public/CDVViewController.h | 2 +-
CordovaLib/Classes/Public/CDVViewController.m | 65 ++++++++++----------
4 files changed, 37 insertions(+), 43 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/1e8ae646/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m b/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m
index d4df6c3..629d8e8 100644
--- a/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m
+++ b/CordovaLib/Classes/Public/CDVCommandDelegateImpl.m
@@ -175,8 +175,7 @@
- (BOOL)URLIsWhitelisted:(NSURL*)url
{
- return ![_viewController.whitelist schemeIsAllowed:[url scheme]] ||
- [_viewController.whitelist URLIsAllowed:url logFailure:NO];
+ return [_viewController shouldAllowNavigationToURL:url];
}
- (NSDictionary*)settings
http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/1e8ae646/CordovaLib/Classes/Public/CDVURLProtocol.m
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/Public/CDVURLProtocol.m b/CordovaLib/Classes/Public/CDVURLProtocol.m
index fce5783..a7a38cd 100644
--- a/CordovaLib/Classes/Public/CDVURLProtocol.m
+++ b/CordovaLib/Classes/Public/CDVURLProtocol.m
@@ -131,12 +131,10 @@ static CDVViewController *viewControllerForRequest(NSURLRequest* request)
// For this reason, we return NO when cmds exist.
return !hasCmds;
}
- // we only care about http and https connections.
- // CORS takes care of http: trying to access file: URLs.
- if ([gWhitelist schemeIsAllowed:[theUrl scheme]]) {
- // if it FAILS the whitelist, we return TRUE, so we can fail the connection later
- return ![gWhitelist URLIsAllowed:theUrl];
- }
+ // Returning YES here means that the request will be handled below, by startLoading, which will
+ // override the network layer and return a 401 instead. Returning NO means that the network layer
+ // will perform as ususal, and the request will be proceed.
+ return ![viewController shouldAllowRequestForURL:theUrl];
}
return NO;
http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/1e8ae646/CordovaLib/Classes/Public/CDVViewController.h
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/Public/CDVViewController.h b/CordovaLib/Classes/Public/CDVViewController.h
index 693b1e8..f654d6c 100644
--- a/CordovaLib/Classes/Public/CDVViewController.h
+++ b/CordovaLib/Classes/Public/CDVViewController.h
@@ -82,7 +82,7 @@
- (void)registerPlugin:(CDVPlugin*)plugin withClassName:(NSString*)className;
- (void)registerPlugin:(CDVPlugin*)plugin withPluginName:(NSString*)pluginName;
-- (BOOL)URLisAllowed:(NSURL*)url;
+- (BOOL)URLisAllowed:(NSURL*)url __attribute__((deprecated));
- (BOOL)shouldAllowRequestForURL:(NSURL *)url;
- (BOOL)shouldAllowNavigationToURL:(NSURL *)url;
- (BOOL)shouldOpenExternalURL:(NSURL *)url;
http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/1e8ae646/CordovaLib/Classes/Public/CDVViewController.m
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/Public/CDVViewController.m b/CordovaLib/Classes/Public/CDVViewController.m
index aeade66..7247200 100644
--- a/CordovaLib/Classes/Public/CDVViewController.m
+++ b/CordovaLib/Classes/Public/CDVViewController.m
@@ -156,11 +156,7 @@
- (BOOL)URLisAllowed:(NSURL*)url
{
- if (self.whitelist == nil) {
- return YES;
- }
-
- return [self.whitelist URLIsAllowed:url];
+ return [self shouldAllowNavigationToURL:url];
}
- (void)parseSettingsWithParser:(NSObject<NSXMLParserDelegate> *)delegate
@@ -629,24 +625,44 @@
}
/*
- * If a URL is being loaded that's a file/http/https URL, just load it internally
+ * If we loaded the HTML from a string, we let the app handle it
*/
- if ([url isFileURL]) {
+ if (self.loadFromString == YES) {
+ self.loadFromString = NO;
return YES;
}
/*
- * If we loaded the HTML from a string, we let the app handle it
+ * Handle all other types of urls (tel:, sms:), and requests to load a url in the main webview.
*/
- else if (self.loadFromString == YES) {
- self.loadFromString = NO;
+ BOOL shouldAllowNavigation = [self shouldAllowNavigationToURL:url];
+ if (shouldAllowNavigation) {
return YES;
+ } else {
+ BOOL shouldOpenExternalURL = [self shouldOpenExternalURL:url];
+ if (shouldOpenExternalURL) {
+ if ([[UIApplication sharedApplication] canOpenURL:url]) {
+ [[UIApplication sharedApplication] openURL:url];
+ } else { // handle any custom schemes to plugins
+ [[NSNotificationCenter defaultCenter] postNotification:[NSNotification notificationWithName:CDVPluginHandleOpenURLNotification object:url]];
+ }
+ }
}
+ return NO;
+}
+
+#pragma mark Network Policy Plugin (Whitelist) hooks
+
+/* This implements the default policy for resource loading and navigation, if there
+ * are no plugins installed which override the whitelist methods.
+ */
+- (BOOL)defaultResourcePolicyForURL:(NSURL *)url
+{
/*
- * all tel: scheme urls we let the UIWebview handle it using the default behavior
+ * If a URL is being loaded that's a file/http/https URL, just load it internally
*/
- else if ([[url scheme] isEqualToString:@"tel"]) {
+ if ([url isFileURL]) {
return YES;
}
@@ -664,28 +680,9 @@
return YES;
}
- /*
- * Handle all other types of urls (tel:, sms:), and requests to load a url in the main webview.
- */
- else {
- if ([self.whitelist schemeIsAllowed:[url scheme]]) {
- return [self.whitelist URLIsAllowed:url];
- } else {
- if ([[UIApplication sharedApplication] canOpenURL:url]) {
- [[UIApplication sharedApplication] openURL:url];
- } else { // handle any custom schemes to plugins
- [[NSNotificationCenter defaultCenter] postNotification:[NSNotification notificationWithName:CDVPluginHandleOpenURLNotification object:url]];
- }
- }
-
- return NO;
- }
-
- return YES;
+ return NO;
}
-#pragma mark Network Policy Plugin (Whitelist) hooks
-
- (BOOL)shouldAllowRequestForURL:(NSURL *)url
{
BOOL anyPluginsResponded = NO;
@@ -706,7 +703,7 @@
}
/* Default Policy */
- return NO;
+ return [self defaultResourcePolicyForURL:url];
}
@@ -730,7 +727,7 @@
}
/* Default Policy */
- return NO;
+ return [self defaultResourcePolicyForURL:url];
}
- (BOOL)shouldOpenExternalURL:(NSURL *)url
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org