You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ia...@apache.org on 2014/10/27 16:01:01 UTC

[2/4] ios commit: Defer whitelist decisions to plugins

Defer whitelist decisions to plugins


Project: http://git-wip-us.apache.org/repos/asf/cordova-ios/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-ios/commit/13d90874
Tree: http://git-wip-us.apache.org/repos/asf/cordova-ios/tree/13d90874
Diff: http://git-wip-us.apache.org/repos/asf/cordova-ios/diff/13d90874

Branch: refs/heads/unplug-whitelist
Commit: 13d90874087116f07bbeacdbb4629228d9cf8153
Parents: 83ba4cd
Author: Ian Clelland <ic...@chromium.org>
Authored: Mon Oct 27 10:59:40 2014 -0400
Committer: Ian Clelland <ic...@chromium.org>
Committed: Mon Oct 27 10:59:56 2014 -0400

----------------------------------------------------------------------
 CordovaLib/Classes/CDVCommandDelegateImpl.m |  3 +-
 CordovaLib/Classes/CDVURLProtocol.m         | 10 ++--
 CordovaLib/Classes/CDVViewController.h      |  2 +-
 CordovaLib/Classes/CDVViewController.m      | 65 +++++++++++-------------
 4 files changed, 37 insertions(+), 43 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/13d90874/CordovaLib/Classes/CDVCommandDelegateImpl.m
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/CDVCommandDelegateImpl.m b/CordovaLib/Classes/CDVCommandDelegateImpl.m
index fc3346d..033f3ed 100644
--- a/CordovaLib/Classes/CDVCommandDelegateImpl.m
+++ b/CordovaLib/Classes/CDVCommandDelegateImpl.m
@@ -169,8 +169,7 @@
 
 - (BOOL)URLIsWhitelisted:(NSURL*)url
 {
-    return ![_viewController.whitelist schemeIsAllowed:[url scheme]] ||
-           [_viewController.whitelist URLIsAllowed:url logFailure:NO];
+    return [_viewController shouldAllowNavigationToURL:url];
 }
 
 - (NSDictionary*)settings

http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/13d90874/CordovaLib/Classes/CDVURLProtocol.m
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/CDVURLProtocol.m b/CordovaLib/Classes/CDVURLProtocol.m
index fce5783..a7a38cd 100644
--- a/CordovaLib/Classes/CDVURLProtocol.m
+++ b/CordovaLib/Classes/CDVURLProtocol.m
@@ -131,12 +131,10 @@ static CDVViewController *viewControllerForRequest(NSURLRequest* request)
             // For this reason, we return NO when cmds exist.
             return !hasCmds;
         }
-        // we only care about http and https connections.
-        // CORS takes care of http: trying to access file: URLs.
-        if ([gWhitelist schemeIsAllowed:[theUrl scheme]]) {
-            // if it FAILS the whitelist, we return TRUE, so we can fail the connection later
-            return ![gWhitelist URLIsAllowed:theUrl];
-        }
+        // Returning YES here means that the request will be handled below, by startLoading, which will
+        // override the network layer and return a 401 instead. Returning NO means that the network layer
+        // will perform as ususal, and the request will be proceed.
+        return ![viewController shouldAllowRequestForURL:theUrl];
     }
 
     return NO;

http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/13d90874/CordovaLib/Classes/CDVViewController.h
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/CDVViewController.h b/CordovaLib/Classes/CDVViewController.h
index 96698f5..5b37d40 100644
--- a/CordovaLib/Classes/CDVViewController.h
+++ b/CordovaLib/Classes/CDVViewController.h
@@ -78,7 +78,7 @@
 - (void)registerPlugin:(CDVPlugin*)plugin withClassName:(NSString*)className;
 - (void)registerPlugin:(CDVPlugin*)plugin withPluginName:(NSString*)pluginName;
 
-- (BOOL)URLisAllowed:(NSURL*)url;
+- (BOOL)URLisAllowed:(NSURL*)url __attribute__((deprecated));
 - (BOOL)shouldAllowRequestForURL:(NSURL *)url;
 - (BOOL)shouldAllowNavigationToURL:(NSURL *)url;
 - (BOOL)shouldOpenExternalURL:(NSURL *)url;

http://git-wip-us.apache.org/repos/asf/cordova-ios/blob/13d90874/CordovaLib/Classes/CDVViewController.m
----------------------------------------------------------------------
diff --git a/CordovaLib/Classes/CDVViewController.m b/CordovaLib/Classes/CDVViewController.m
index b2b6578..6708634 100644
--- a/CordovaLib/Classes/CDVViewController.m
+++ b/CordovaLib/Classes/CDVViewController.m
@@ -153,11 +153,7 @@
 
 - (BOOL)URLisAllowed:(NSURL*)url
 {
-    if (self.whitelist == nil) {
-        return YES;
-    }
-
-    return [self.whitelist URLIsAllowed:url];
+    return [self shouldAllowNavigationToURL:url];
 }
 
 - (void)parseSettingsWithParser:(NSObject<NSXMLParserDelegate> *)delegate
@@ -718,24 +714,44 @@
     }
 
     /*
-     * If a URL is being loaded that's a file/http/https URL, just load it internally
+     *    If we loaded the HTML from a string, we let the app handle it
      */
-    if ([url isFileURL]) {
+    if (self.loadFromString == YES) {
+        self.loadFromString = NO;
         return YES;
     }
 
     /*
-     *    If we loaded the HTML from a string, we let the app handle it
+     * Handle all other types of urls (tel:, sms:), and requests to load a url in the main webview.
      */
-    else if (self.loadFromString == YES) {
-        self.loadFromString = NO;
+    BOOL shouldAllowNavigation = [self shouldAllowNavigationToURL:url];
+    if (shouldAllowNavigation) {
         return YES;
+    } else {
+        BOOL shouldOpenExternalURL = [self shouldOpenExternalURL:url];
+        if (shouldOpenExternalURL) {
+            if ([[UIApplication sharedApplication] canOpenURL:url]) {
+                [[UIApplication sharedApplication] openURL:url];
+            } else { // handle any custom schemes to plugins
+                [[NSNotificationCenter defaultCenter] postNotification:[NSNotification notificationWithName:CDVPluginHandleOpenURLNotification object:url]];
+            }
+        }
     }
 
+    return NO;
+}
+
+#pragma mark Network Policy Plugin (Whitelist) hooks
+
+/* This implements the default policy for resource loading and navigation, if there
+ * are no plugins installed which override the whitelist methods.
+ */
+- (BOOL)defaultResourcePolicyForURL:(NSURL *)url
+{
     /*
-     * all tel: scheme urls we let the UIWebview handle it using the default behavior
+     * If a URL is being loaded that's a file/http/https URL, just load it internally
      */
-    else if ([[url scheme] isEqualToString:@"tel"]) {
+    if ([url isFileURL]) {
         return YES;
     }
 
@@ -753,28 +769,9 @@
         return YES;
     }
 
-    /*
-     * Handle all other types of urls (tel:, sms:), and requests to load a url in the main webview.
-     */
-    else {
-        if ([self.whitelist schemeIsAllowed:[url scheme]]) {
-            return [self.whitelist URLIsAllowed:url];
-        } else {
-            if ([[UIApplication sharedApplication] canOpenURL:url]) {
-                [[UIApplication sharedApplication] openURL:url];
-            } else { // handle any custom schemes to plugins
-                [[NSNotificationCenter defaultCenter] postNotification:[NSNotification notificationWithName:CDVPluginHandleOpenURLNotification object:url]];
-            }
-        }
-
-        return NO;
-    }
-
-    return YES;
+    return NO;
 }
 
-#pragma mark Network Policy Plugin (Whitelist) hooks
-
 - (BOOL)shouldAllowRequestForURL:(NSURL *)url
 {
     BOOL anyPluginsResponded = NO;
@@ -795,7 +792,7 @@
     }
 
     /* Default Policy */
-    return NO;
+    return [self defaultResourcePolicyForURL:url];
 }
 
 
@@ -819,7 +816,7 @@
     }
 
     /* Default Policy */
-    return NO;
+    return [self defaultResourcePolicyForURL:url];
 }
 
 - (BOOL)shouldOpenExternalURL:(NSURL *)url


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org