You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shindig.apache.org by jo...@apache.org on 2011/05/04 05:23:59 UTC

svn commit: r1099314 - in /shindig/trunk: content/xpc.swf features/src/main/flex/Main.as features/src/main/javascript/features/rpc/flash.transport.js

Author: johnh
Date: Wed May  4 03:23:59 2011
New Revision: 1099314

URL: http://svn.apache.org/viewvc?rev=1099314&view=rev
Log:
Remove unnecessary security-lax pieces of Flash transport implementation:
* Underbar prefix on channel name.
* allowDomain filter on localConnection.

Neither are necessary when xpc.swf is hosted off the same domain for all parties, which is the case for flash transport users.


Modified:
    shindig/trunk/content/xpc.swf
    shindig/trunk/features/src/main/flex/Main.as
    shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js

Modified: shindig/trunk/content/xpc.swf
URL: http://svn.apache.org/viewvc/shindig/trunk/content/xpc.swf?rev=1099314&r1=1099313&r2=1099314&view=diff
==============================================================================
Files shindig/trunk/content/xpc.swf (original) and shindig/trunk/content/xpc.swf Wed May  4 03:23:59 2011 differ

Modified: shindig/trunk/features/src/main/flex/Main.as
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/flex/Main.as?rev=1099314&r1=1099313&r2=1099314&view=diff
==============================================================================
--- shindig/trunk/features/src/main/flex/Main.as (original)
+++ shindig/trunk/features/src/main/flex/Main.as Wed May  4 03:23:59 2011
@@ -145,21 +145,11 @@ class Main {
 
       var receiving_lc:LocalConnection = new LocalConnection();
       var sending_lc:LocalConnection = new LocalConnection();
-      var lastSendingDomain:String;
-      // Allow messages to be sent from any other SWF to this channel.
-      // Message verification itself is handled by both the fact that the
-      // channel ID contains the rpc_token as well as the passed message
-      // contents themselves, containing the token too. The SWF is
-      // largely a simple relay.
-      receiving_lc.allowDomain = function(sendingDomain:String) {
-        lastSendingDomain = sendingDomain;
-        return true;
-      };
       receiving_lc.receiveMessage =
           function(to_origin:String, from_origin:String, in_rpc_key:String, message:String) {
         if ((to_origin === "*" || to_origin === my_origin) && (in_rpc_key == rpc_key)) {
           ExternalInterface.call("gadgets.rpctx.flash._receiveMessage",
-              escFn(message), escFn(from_origin), escFn(to_origin), escFn(lastSendingDomain));
+              escFn(message), escFn(from_origin), escFn(to_origin));
         }
       };
 
@@ -167,11 +157,11 @@ class Main {
             { }, function(message:String, to_origin:String) {
         if (!to_origin) to_origin = "*";
         var sendId:String =
-            replaceFn("_channel_" + channel_id + "_" + rpc_key + "_" + other_role, ":", "");
+            replaceFn("channel_" + channel_id + "_" + rpc_key + "_" + other_role, ":", "");
         sending_lc.send(sendId,
             "receiveMessage", to_origin, my_origin, rpc_key, message);
       });
-      var recvId:String = replaceFn("_channel_" + channel_id + "_" + rpc_key + "_" + role, ":", "");
+      var recvId:String = replaceFn("channel_" + channel_id + "_" + rpc_key + "_" + role, ":", "");
       receiving_lc.connect(recvId);
       if (role == "INNER") {
         // In child context, trigger notice that the setup method is complete.

Modified: shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js
URL: http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js?rev=1099314&r1=1099313&r2=1099314&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js (original)
+++ shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js Wed May  4 03:23:59 2011
@@ -183,7 +183,7 @@ if (!gadgets.rpctx.flash) {  // make lib
       call: call,
 
       // Methods called by relay SWF. Should be considered private.
-      _receiveMessage: function(message, fromOrigin, toOrigin, sendingSwfDomain) {
+      _receiveMessage: function(message, fromOrigin, toOrigin) {
         var jsonMsg = gadgets.json.parse(message);
         var channelReady = jsonMsg[SWF_CHANNEL_READY];
         if (channelReady) {