Mercurial > summit-idp
changeset 19:e1b3e9916b57
made origin detection happen on a per-handler basis.
author | Atul Varma <avarma@mozilla.com> |
---|---|
date | Fri, 25 Jun 2010 12:15:27 -0700 |
parents | f6db6f8cbf5b |
children | 3197696debbe |
files | static-files/api.js static-files/index.js |
diffstat | 2 files changed, 29 insertions(+), 38 deletions(-) [+] |
--- a/static-files/api.js Fri Jun 25 11:43:51 2010 -0700
+++ b/static-files/api.js Fri Jun 25 12:15:27 2010 -0700
@@ -6,13 +6,7 @@
 function MessageBroker(handlers, postMessage) {
 var awaitingResponses = {};
- function sendResponse(id, value) {
- var responseMsg = {
- type: "response",
- id: id,
- value: value
- };
- postMessage(responseMsg);
+ function sendResponse(id, value, target) {
 }
 this.callCmd = function callCmd(cmd, options, cb) {
@@ -29,7 +23,7 @@
 postMessage(msg);
 };
- this.onMessage = function onMessage(msg) {
+ this.onMessage = function onMessage(msg, origin, source) {
 switch (msg.type) {
 case "response": if (msg.id in awaitingResponses) {
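Review bot: In the first api.js hunk (`@@ -6,13 +6,7 @@`), `sendResponse` is left as an empty function with an unused `target` parameter, while its only visible call site is replaced by an inline `postMessage(...)` in the `@@ -44,41 +38,38 @@` hunk. An empty helper with that name reads as if responses still flow through it. Either delete the declaration, or keep the response-building in it, e.g. `function sendResponse(id, value, target) { postMessage({type: "response", id: id, value: value}, target); }`, and call `sendResponse(msg.id, response, source)` from the callback. MessageBroker's body continues outside the hunk, so other callers cannot be ruled out from here.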
@@ -44,41 +38,38 @@
 var cb = undefined;
 if (msg.cb) cb = function(response) {
- sendResponse(msg.id, response);
+ postMessage({type: "response",
+ id: msg.id,
+ value: response
+ },
+ source);
 };
- handlers[handler](msg.options, cb);
+ handlers[handler](msg.options, cb, origin);
 }
 break;
 }
 };
 }
- function Server(handlers, isOriginValid) {
+ function Server(handlers) {
 var broker = new MessageBroker(handlers, postMessage);
 var originBrokers = {};
- var allSources = [];
- function brokerForOrigin(origin, source) {
- function postMessage(msg) {
- source.postMessage(JSON.stringify(msg), origin);
+ function brokerForOrigin(origin) {
+ function postMessage(msg, target) {
+ target.postMessage(JSON.stringify(msg), origin);
 }
 return new MessageBroker(handlers, postMessage);
 }
 function onMessage(event) {
- if (!(event.origin in originBrokers)) {
- if (isOriginValid && !isOriginValid(event.origin))
- return;
- originBrokers[event.origin] = brokerForOrigin(event.origin,
- event.source);
- allSources.push(event.source);
- }
+ if (!(event.origin in originBrokers))
+ originBrokers[event.origin] = brokerForOrigin(event.origin);
- if (allSources.indexOf(event.source) == -1)
- throw new Error("Clients from the same origin are not " +
- "currently supported: " + event.origin);
- originBrokers[event.origin].onMessage(JSON.parse(event.data));
+ originBrokers[event.origin].onMessage(JSON.parse(event.data),
+ event.origin,
+ event.source);
 }
 window.addEventListener("message", onMessage, false);
@@ -113,7 +104,8 @@
 function onMessage(event) {
 if (event.origin == origin)
- broker.onMessage(JSON.parse(event.data));
+ broker.onMessage(JSON.parse(event.data), event.origin,
+ event.source);
 }
 this.callCmd = broker.callCmd;
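Review bot: With `isOriginValid` removed from `Server`'s `onMessage` (hunk `@@ -44,41 +38,38 @@`), a message from any origin now reaches `JSON.parse` and `handlers[handler](msg.options, cb, origin)`, so authorization depends on every handler testing its `origin` argument, and a handler that omits the test is callable cross-origin by default. The only handler visible in this commit, `getAllUsers` in static-files/index.js, does the check, but a fail-closed default would be safer, for example having the broker refuse to dispatch to a handler that declares no allowed origins. Because unfiltered senders now reach the parse step, the listener should also tolerate non-JSON data, e.g. `try { msg = JSON.parse(event.data); } catch (e) { return; }`. The handler lookup that precedes the dispatch line starts outside the hunk, so how `handler` is derived from the message is not visible here.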
--- a/static-files/index.js Fri Jun 25 11:43:51 2010 -0700
+++ b/static-files/index.js Fri Jun 25 12:15:27 2010 -0700
@@ -145,8 +145,16 @@
 ( // Set up the postMessage API.
 function(window) {
+ var myOrigin = window.location.protocol + "//" + window.location.host;
 var handlers = {
- getAllUsers: function(options, cb) {
+ getAllUsers: function(options, cb, origin) {
+ if (origin != myOrigin) {
+ cb({error: "access denied"});
+ return;
+ }
+
+ // TODO: Add support for more origins.
+
 if (Config.value.state != "logged-in") {
 cb({error: "not logged in"});
 return;
@@ -164,15 +172,6 @@
 }
 };
- var myOrigin = window.location.protocol + "//" + window.location.host;
-
- function isOriginValid(origin) {
- if (origin == myOrigin)
- return true;
- // TODO: Finish this.
- return false;
- }
-
- var server = new Summit.Server(handlers, isOriginValid);
+ var server = new Summit.Server(handlers);
 }
 )(window);
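Review bot: In `getAllUsers` (hunk `@@ -145,8 +145,16 @@`), the denial path calls `cb({error: "access denied"})` unconditionally, but the broker in static-files/api.js leaves `cb` as `undefined` when the message carries no `cb`, so a cross-origin request without a callback ends in a TypeError inside the message listener rather than a clean return. The request is still refused, but guarding the call keeps the rejection path quiet: `if (cb) cb({error: "access denied"});`. It would also help to replace the bare TODO with a comment stating that every origin other than the page's own is rejected until an allowlist exists. The rest of the handler body lies outside the hunk.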