Reverting CORS (#605)

pxscene · Sep 27, 2017 · ad6b4c4 · ad6b4c4
1 parent b9d5a27
commit ad6b4c4
Show file tree

Hide file tree

Showing 13 changed files with 272 additions and 400 deletions.
diff --git a/examples/pxScene2d/src/pxArchive.cpp b/examples/pxScene2d/src/pxArchive.cpp
@@ -13,7 +13,7 @@ pxArchive::~pxArchive()
   gUIThreadQueue.removeAllTasksForObject(this);
 }
 
-rtError pxArchive::initFromUrl(const rtString& url, const rtString& origin)
+rtError pxArchive::initFromUrl(const rtString& url)
 {
   mReady = new rtPromise;
   mLoadStatus = new rtMapObject;
@@ -30,12 +30,6 @@ rtError pxArchive::initFromUrl(const rtString& url, const rtString& origin)
     mLoadStatus.set("sourceType", "http");
     mLoadStatus.set("statusCode", -1);
     mDownloadRequest = new rtFileDownloadRequest(url, this);
-    if (!origin.isEmpty())
-    {
-      rtString headerOrigin("Origin:");
-      headerOrigin.append(origin.cString());
-      mDownloadRequest->additionalHttpHeaders().push_back(headerOrigin);
-    }
     mDownloadRequest->setCallbackFunction(pxArchive::onDownloadComplete);
     rtFileDownloader::instance()->addToDownloadQueue(mDownloadRequest);
   }

diff --git a/examples/pxScene2d/src/pxArchive.h b/examples/pxScene2d/src/pxArchive.h
@@ -45,7 +45,7 @@ class pxArchive: public rtObject
   pxArchive();
   virtual ~pxArchive();
 
-  rtError initFromUrl(const rtString& url, const rtString& origin = rtString());
+  rtError initFromUrl(const rtString& url);
   rtError ready(rtObjectRef& r) const;
 
   rtError loadStatus(rtObjectRef& v) const;

diff --git a/examples/pxScene2d/src/pxScene2d.cpp b/examples/pxScene2d/src/pxScene2d.cpp
@@ -28,7 +28,6 @@
 #include "rtString.h"
 #include "rtNode.h"
 #include "rtPathUtils.h"
-#include "rtUrlUtils.h"
 
 #include "pxCore.h"
 #include "pxOffscreen.h"
@@ -1539,7 +1538,7 @@ rtDefineObject(pxRoot,pxObject);
 int gTag = 0;
 
 pxScene2d::pxScene2d(bool top, pxScriptView* scriptView)
-  : start(0), sigma_draw(0), sigma_update(0), end2(0), frameCount(0), mWidth(0), mHeight(0), mStopPropagation(false), mContainer(NULL), mShowDirtyRectangle(false),
+  : start(0), sigma_draw(0), sigma_update(0), end2(0), frameCount(0), mWidth(0), mHeight(0), mStopPropagation(false), mContainer(NULL), mShowDirtyRectangle(false), 
     mInnerpxObjects(), mDirty(true), mTestView(NULL), mDisposed(false)
 {
   mRoot = new pxRoot(this);
@@ -1549,11 +1548,6 @@ pxScene2d::pxScene2d(bool top, pxScriptView* scriptView)
   mScriptView = scriptView;
   mTag = gTag++;
 
-  if (scriptView != NULL)
-  {
-    mOrigin = rtUrlGetOrigin(scriptView->getUrl().cString());
-  }
-
   // make sure that initial onFocus is sent
   rtObjectRef e = new rtMapObject;
   mRoot->setFocusInternal(true);

diff --git a/examples/pxScene2d/src/pxScene2d.h b/examples/pxScene2d/src/pxScene2d.h
@@ -1297,7 +1297,7 @@ class pxScene2d: public rtObject, public pxIView
   rtMethodNoArgAndNoReturn("dispose",dispose);
 
   pxScene2d(bool top = true, pxScriptView* scriptView = NULL);
-  virtual ~pxScene2d()
+  virtual ~pxScene2d() 
   {
      rtLogDebug("***** deleting pxScene2d\n");
     if (mTestView != NULL)
@@ -1456,7 +1456,7 @@ class pxScene2d: public rtObject, public pxIView
   {
     rtError e = RT_FAIL;
     rtRef<pxArchive> a = new pxArchive;
-    if (a->initFromUrl(url, mOrigin) == RT_OK)
+    if (a->initFromUrl(url) == RT_OK)
     {
       archive = a;
       e = RT_OK;
@@ -1519,7 +1519,6 @@ class pxScene2d: public rtObject, public pxIView
   #endif
   bool mPointerHidden;
   std::vector<rtObjectRef> mInnerpxObjects;
-  rtString mOrigin;
 public:
   void hidePointer( bool hide )
   {

diff --git a/examples/pxScene2d/src/rcvrcore/AppSceneContext.js b/examples/pxScene2d/src/rcvrcore/AppSceneContext.js
@@ -21,7 +21,86 @@ var ClearInterval = clearInterval;
 
 var http_wrap = require('rcvrcore/http_wrap');
 var https_wrap = require('rcvrcore/https_wrap');
-var AccessControl = require('rcvrcore/utils/AccessControl');
+
+// function to check whether the page being loaded is from local machine or remote machine
+function isLocalApp(loadurl)
+{
+    if ((loadurl.length > 4) && (loadurl.substring(0, 4) === "http"))
+    {
+      if ((loadurl.length >= 16) && ((loadurl.substring(0, 16) === "http://localhost") || (loadurl.substring(0, 16) === "http://127.0.0.1")))
+      {
+        return true;
+      }
+      else if ((loadurl.length >= 17) && ((loadurl.substring(0, 17) === "https://localhost") || (loadurl.substring(0, 17) === "https://127.0.0.1")))
+      {
+        return true;
+      }
+      return false;
+    }
+
+    else if ((loadurl.length >= 9) && (loadurl.substring(0, 9) === "localhost"))
+    {
+      return true;
+    }
+    else if ((loadurl.length >= 17) && (loadurl.substring(0, 17) === "127.0.0.1"))
+    {
+        return true;
+    }
+    //check for a filename as url
+    else if ((loadurl.length > 0) && (((loadurl.charCodeAt(0) >= 65) && (loadurl.charCodeAt(0) <= 90)) || ((loadurl.charCodeAt(0) >= 97) && (loadurl.charCodeAt(0) <= 122))))
+    {
+        return true;
+    }
+    return false;
+}
+
+// function to check whether the page being loaded is from local machine or remote machine for IPV6 machines
+function isLocalIPV6App(loadurl)
+{
+    if ((loadurl.length > 4) && (loadurl.substring(0, 4) === "http"))
+    {
+      if ((loadurl.length >= 12) && (loadurl.substring(0, 12) === "http://[::1]"))
+      {
+        return true;
+      }
+      else if ((loadurl.length >= 24) && (loadurl.substring(0, 24) === "http://[0:0:0:0:0:0:0:1]"))
+      {
+        return true;
+      }
+      else if ((loadurl.length >= 13) && (loadurl.substring(0, 13) === "https://[::1]"))
+      {
+        return true;
+      }
+      else if ((loadurl.length >= 25) && (loadurl.substring(0, 25) === "https://[0:0:0:0:0:0:0:1]"))
+      {
+        return true;
+      }
+      return false;
+    }
+
+    else if ((loadurl.length >= 5) && (loadurl.substring(0, 5) === "[::1]"))
+    {
+      return true;
+    }
+    else if ((loadurl.length >= 17) && (loadurl.substring(0, 17) === "[0:0:0:0:0:0:0:1]"))
+    {
+      return true;
+    }
+    else if ((loadurl.length >= 4) && (loadurl.substring(0, 4) === "::1"))
+    {
+      return true;
+    }
+    else if ((loadurl.length >= 16) && (loadurl.substring(0, 16) === "0:0:0:0:0:0:0:1"))
+    {
+      return true;
+    }
+    //check for a filename as url
+    else if ((loadurl.length > 0) && (((loadurl.charCodeAt(0) >= 65) && (loadurl.charCodeAt(0) <= 90)) || ((loadurl.charCodeAt(0) >= 97) && (loadurl.charCodeAt(0) <= 122))))
+    {
+        return true;
+    }
+    return false;
+}
 
 function AppSceneContext(params) { // container, innerscene, packageUrl) {
   //  this.container = params.sceneContainer;
@@ -42,7 +121,6 @@ function AppSceneContext(params) { // container, innerscene, packageUrl) {
     this.queryParams = {};
     this.packageUrl = params.packageUrl;
   }
-  this.accessControl = new AccessControl(this.packageUrl);
   this.defaultBaseUri = "";
   this.basePackageUri = "";
   this.sandbox = {};
@@ -482,7 +560,16 @@ AppSceneContext.prototype.include = function(filePath, currentXModule) {
       onImportComplete([modData, origFilePath]);
       return;
     } else if( filePath === 'http' || filePath === 'https' ) {
-      modData = filePath === 'http' ? new http_wrap(_this.accessControl) : new https_wrap(_this.accessControl);
+      if (filePath === 'http')
+      {
+        modData = new http_wrap();
+      }
+      else
+      {
+        modData = new https_wrap();
+      }
+      var localapp = (isLocalApp(_this.packageUrl) || isLocalIPV6App(_this.packageUrl));
+      modData.setLocalApp(localapp);
       onImportComplete([modData, origFilePath]);
       return;
     } else if( filePath.substring(0, 9) === "px:scene.") {

diff --git a/examples/pxScene2d/src/rcvrcore/http_wrap.js b/examples/pxScene2d/src/rcvrcore/http_wrap.js
@@ -2,92 +2,122 @@
 
 var http = require('http');
 
-function HttpWrap(accessControl) {
-  // do not expose accessControl through 'this.accessControl'
-  var _accessControl = accessControl;
+function isLocalAccess(reqOptions)
+{
+  if (((reqOptions.hostname) && ((reqOptions.hostname === "localhost") || (reqOptions.hostname === "127.0.0.1"))) || ((reqOptions.host) && ((reqOptions.host === "localhost") || (reqOptions.host === "127.0.0.1"))))
+  {
+    return true;
+  }
+  else if (((reqOptions.hostname) && ((reqOptions.hostname === "[::1]") || (reqOptions.hostname === "[0:0:0:0:0:0:0:1]"))) || ((reqOptions.host) && ((reqOptions.host === "[::1]") || (reqOptions.host === "[0:0:0:0:0:0:0:1]"))))
+  {
+    return true;
+  }
+  else if (((reqOptions.hostname) && ((reqOptions.hostname === "::1") || (reqOptions.hostname === "0:0:0:0:0:0:0:1"))) || ((reqOptions.host) && ((reqOptions.host === "::1") || (reqOptions.host === "0:0:0:0:0:0:0:1"))))
+  {
+    return true;
+  }
+  return false;
+}
+
+function HttpWrap()
+{
+  this.localApp = false;
+}
+
+HttpWrap.prototype.IncomingMessage = http.IncomingMessage;
+HttpWrap.prototype.METHODS = http.METHODS;
+HttpWrap.prototype.OutgoingMessage = http.OutgoingMessage;
 
-  HttpWrap.prototype.IncomingMessage = http.IncomingMessage;
-  HttpWrap.prototype.METHODS = http.METHODS;
-  HttpWrap.prototype.OutgoingMessage = http.OutgoingMessage;
-  HttpWrap.prototype.globalAgent = http.globalAgent;
+HttpWrap.prototype.setLocalApp = function(isLocalApp) {
+  this.localApp = isLocalApp;
+};
 
-  // Server functionality needs to be disabled.
-  //HttpWrap.prototype.ServerResponse = http.ServerResponse;
-  //HttpWrap.prototype.STATUS_CODES = http.STATUS_CODES;
-  //HttpWrap.prototype.Server = http.Server;
-  //HttpWrap.prototype.createServer = http.createServer;
+HttpWrap.prototype.getLocalApp = function() {
+  return this.localApp;
+};
 
-  HttpWrap.prototype.request = function (options, cb) {
-    if (_accessControl) {
-      if (_accessControl.isLocalAccessFromRemote(options)) {
-        console.log("localhost urls cannot be accessed by remote applications");
-        return;
-      }
-      options = _accessControl.wrapHttpRequestOptions(options);
-      cb = _accessControl.wrapHttpResponseCallback(cb);
+HttpWrap.prototype.request = function(options, cb) {
+  if (true == isLocalAccess(options))
+  {
+    if (false == this.localApp)
+    {
+      console.log("localhost urls cannot be accessed by remote applications");
+      return;
     }
-    return http.request(options, cb);
-  };
+  }
+  return http.request(options, cb);
+};
 
-  // http.request == new http.ClientRequest
-  HttpWrap.prototype.ClientRequest = function (options, cb) {
-    if (_accessControl) {
-      if (_accessControl.isLocalAccessFromRemote(options)) {
-        console.log("localhost urls cannot be accessed by remote applications");
-        return;
-      }
-      options = _accessControl.wrapHttpRequestOptions(options);
-      cb = _accessControl.wrapHttpResponseCallback(cb);
+HttpWrap.prototype.ClientRequest = function(options, cb) {
+  if (true == isLocalAccess(options))
+  {
+    if (false == this.localApp)
+    {
+      console.log("localhost urls cannot be accessed by remote applications");
+      return;
     }
-    return http.ClientRequest(options, cb);
-  };
+  }
+  return http.ClientRequest(options, cb);
+};
 
-  // http.get == http.request (+end)
-  HttpWrap.prototype.get = function (options, cb) {
-    if (_accessControl) {
-      if (_accessControl.isLocalAccessFromRemote(options)) {
-        console.log("localhost urls cannot be accessed by remote applications");
-        return;
-      }
-      options = _accessControl.wrapHttpRequestOptions(options);
-      cb = _accessControl.wrapHttpResponseCallback(cb);
+HttpWrap.prototype.get = function(options, cb) {
+  if (true == isLocalAccess(options))
+  {
+    if (false == this.localApp)
+    {
+      console.log("localhost urls cannot be accessed by remote applications");
+      return;
     }
-    return http.get(options, cb);
-  };
+  }
+  return http.get(options, cb);
+};
 
-  HttpWrap.prototype.Agent = function (options) {
-    if (_accessControl) {
-      if (_accessControl.isLocalAccessFromRemote(options)) {
-        console.log("localhost urls cannot be accessed by remote applications");
-        return;
-      }
+HttpWrap.prototype.Agent = function(options) {
+  if (true == isLocalAccess(options))
+  {
+    if (false == this.localApp)
+    {
+      console.log("localhost urls cannot be accessed by remote applications");
+      return;
     }
-    return http.Agent(options);
-  };
+  }
+  return http.Agent(options);
+};
 
-  // TODO CORS?
-  // deprecated
-  HttpWrap.prototype.Client = function (port, host) {
-    if (_accessControl) {
-      if (_accessControl.isLocalAccessFromRemote(host)) {
-        console.log("localhost urls cannot be accessed by remote applications");
-        return;
-      }
+HttpWrap.prototype.globalAgent = function(options) {
+  if (true == isLocalAccess(options))
+  {
+    if (false == this.localApp)
+    {
+      console.log("localhost urls cannot be accessed by remote applications");
+      return;
     }
-    return http.Client(port, host);
-  };
+  }
+  return http.globalAgent(options);
+};
 
-  // TODO CORS?
-  // deprecated
-  HttpWrap.prototype.createClient = function (port, host) {
-    if (_accessControl) {
-      if (_accessControl.isLocalAccessFromRemote(host)) {
-        console.log("localhost urls cannot be accessed by remote applications");
-        return;
-      }
+HttpWrap.prototype.Client = function(port, host) {
+  if ((host === "localhost") || (host === "127.0.0.1"))
+  {
+    if (false == this.localApp)
+    {
+      console.log("localhost urls cannot be accessed by remote applications");
+      return;
     }
-    return http.createClient(port, host);
-  };
-}
+  }
+  return http.Client(port,host);
+};
+
+HttpWrap.prototype.createClient = function(port, host) {
+  if ((host === "localhost") || (host === "127.0.0.1"))
+  {
+    if (false == this.localApp)
+    {
+      console.log("localhost urls cannot be accessed by remote applications");
+      return;
+    }
+  }
+  return http.createClient(port,host);
+};
 
 module.exports = HttpWrap;