author | Jay Freeman (saurik) <saurik@saurik.com> | 2011-03-09 05:06:14 -0800 |
---|---|---|
committer | Jay Freeman (saurik) <saurik@saurik.com> | 2011-03-09 05:07:54 -0800 |
commit | 247bedb6ab47e07cecd3900ba9d1430d3ec2a3e4 (patch) | |
tree | 2a41ad3e53d6475b303d8b57fac21c2e37e845da | |
parent | 1baae0861a9aaa283e8a95649ba981bd65f35160 (diff) |
Only send X-Cydia-Token to vaguely trusted hosts.
-rw-r--r-- | MobileCydia.mm | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/MobileCydia.mm b/MobileCydia.mm
index 1f62b2b..3c11b91 100644
--- a/MobileCydia.mm
+++ b/MobileCydia.mm
@@ -709,6 +709,7 @@ static NSString *Idiom_;
 static _H<NSMutableDictionary> SessionData_;
 static _H<NSObject> HostConfig_;
 static _H<NSMutableSet> BridgedHosts_;
+static _H<NSMutableSet> TokenHosts_;
 static _H<NSMutableSet> PipelinedHosts_;
 static _H<NSMutableSet> CachedURLs_;
@@ -3841,6 +3842,8 @@ static _H<NSMutableSet> Diversions_;
 return @"addInternalRedirect";
 else if (selector == @selector(addPipelinedHost:scheme:))
 return @"addPipelinedHost";
+ else if (selector == @selector(addTokenHost:))
+ return @"addTokenHost";
 else if (selector == @selector(addTrivialSource:))
 return @"addTrivialSource";
 else if (selector == @selector(close))
@@ -3995,6 +3998,11 @@ static _H<NSMutableSet> Diversions_;
 [BridgedHosts_ addObject:host];
 } }
+- (void) addTokenHost:(NSString *)host {
+@synchronized (HostConfig_) {
+ [TokenHosts_ addObject:host];
+} }
+
 - (void) addPipelinedHost:(NSString *)host scheme:(NSString *)scheme {
 @synchronized (HostConfig_) {
 if (scheme != (id) [WebUndefined undefined])
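Review bot: `addTokenHost:` puts whatever value it is handed into `TokenHosts_`, and the selector-name hunk before it (`return @"addTokenHost";`) appears to publish the method to page script, so the restriction to "vaguely trusted hosts" is only as strong as the rule deciding which pages may call this bridge method. That rule is not visible in this hunk, so the method should carry a comment naming it, for example `// Callable from page script; only pages admitted by <bridge check> may reach this, because it decides which hosts receive X-Cydia-Token.` The argument is also stored without a type check, whereas the neighbouring `addPipelinedHost:scheme:` tests `scheme` against `[WebUndefined undefined]`; a guard such as `if (![host isKindOfClass:[NSString class]]) return;` before the `@synchronized` block would keep non-string script values out of the set.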
@@ -4263,14 +4271,25 @@ static _H<NSMutableSet> Diversions_;
 }
 - (NSURLRequest *) webView:(WebView *)view resource:(id)resource willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)response fromDataSource:(WebDataSource *)source {
+ NSURL *url([request URL]);
+ NSString *host([url host]);
+
 NSMutableURLRequest *copy([[super webView:view resource:resource willSendRequest:request redirectResponse:response fromDataSource:source] mutableCopy]);
 if (System_ != NULL && [copy valueForHTTPHeaderField:@"X-System"] == nil)
 [copy setValue:System_ forHTTPHeaderField:@"X-System"];
 if (Machine_ != NULL && [copy valueForHTTPHeaderField:@"X-Machine"] == nil)
 [copy setValue:[NSString stringWithUTF8String:Machine_] forHTTPHeaderField:@"X-Machine"];
- if (Token_ != nil && [copy valueForHTTPHeaderField:@"X-Cydia-Token"] == nil)
- [copy setValue:Token_ forHTTPHeaderField:@"X-Cydia-Token"];
+
+ bool token;
+ @synchronized (HostConfig_) {
+ token = [TokenHosts_ containsObject:host];
+ }
+
+ if (token) {
+ if (Token_ != nil && [copy valueForHTTPHeaderField:@"X-Cydia-Token"] == nil)
+ [copy setValue:Token_ forHTTPHeaderField:@"X-Cydia-Token"];
+ }
 return copy;
 }
@@ -9672,6 +9691,7 @@ int main(int argc, char *argv[]) {
 HostConfig_ = [[[NSObject alloc] init] autorelease];
 @synchronized (HostConfig_) {
 BridgedHosts_ = [NSMutableSet setWithCapacity:4];
+ TokenHosts_ = [NSMutableSet setWithCapacity:4];
 PipelinedHosts_ = [NSMutableSet setWithCapacity:4];
 CachedURLs_ = [NSMutableSet setWithCapacity:32];
 } |
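Review bot: The new gate in `webView:resource:willSendRequest:...` looks only at the host (`token = [TokenHosts_ containsObject:host];`), so a request to a listed host over plain `http` still carries `X-Cydia-Token` where anyone on the network path can read it. If the token hosts are all served over TLS, which this page does not show, the scheme belongs in the same check: `token = [[url scheme] isEqualToString:@"https"] && [TokenHosts_ containsObject:host];`. The host is also read from the incoming `request`, while the header is set on `copy`, the request returned by `super`. Deriving it with `NSString *host([[copy URL] host]);` after `copy` is built would tie the decision to the request that is actually sent, should `super` ever rewrite the URL. A one-line comment above the block saying that the token is a credential and is withheld from every host not in `TokenHosts_` would make the intent clear to the next editor.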