Author: johnh
Date: Wed May 4 03:23:59 2011
New Revision: 1099314
URL: http://svn.apache.org/viewvc?rev=1099314&view=rev
Log:
Remove unnecessary security-lax pieces of Flash transport implementation:
* Underbar prefix on channel name.
* allowDomain filter on localConnection.
Neither are necessary when xpc.swf is hosted off the same domain for all
parties, which is the case for flash transport users.
Modified:
shindig/trunk/content/xpc.swf
shindig/trunk/features/src/main/flex/Main.as
shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js
Modified: shindig/trunk/content/xpc.swf
URL:
http://svn.apache.org/viewvc/shindig/trunk/content/xpc.swf?rev=1099314&r1=1099313&r2=1099314&view=diff
==============================================================================
Files shindig/trunk/content/xpc.swf (original) and
shindig/trunk/content/xpc.swf Wed May 4 03:23:59 2011 differ
Modified: shindig/trunk/features/src/main/flex/Main.as
URL:
http://svn.apache.org/viewvc/shindig/trunk/features/src/main/flex/Main.as?rev=1099314&r1=1099313&r2=1099314&view=diff
==============================================================================
--- shindig/trunk/features/src/main/flex/Main.as (original)
+++ shindig/trunk/features/src/main/flex/Main.as Wed May 4 03:23:59 2011
@@ -145,21 +145,11 @@ class Main {
var receiving_lc:LocalConnection = new LocalConnection();
var sending_lc:LocalConnection = new LocalConnection();
- var lastSendingDomain:String;
- // Allow messages to be sent from any other SWF to this channel.
- // Message verification itself is handled by both the fact that the
- // channel ID contains the rpc_token as well as the passed message
- // contents themselves, containing the token too. The SWF is
- // largely a simple relay.
- receiving_lc.allowDomain = function(sendingDomain:String) {
- lastSendingDomain = sendingDomain;
- return true;
- };
receiving_lc.receiveMessage =
function(to_origin:String, from_origin:String, in_rpc_key:String,
message:String) {
if ((to_origin === "*" || to_origin === my_origin) && (in_rpc_key ==
rpc_key)) {
ExternalInterface.call("gadgets.rpctx.flash._receiveMessage",
- escFn(message), escFn(from_origin), escFn(to_origin),
escFn(lastSendingDomain));
+ escFn(message), escFn(from_origin), escFn(to_origin));
}
};
@@ -167,11 +157,11 @@ class Main {
{ }, function(message:String, to_origin:String) {
if (!to_origin) to_origin = "*";
var sendId:String =
- replaceFn("_channel_" + channel_id + "_" + rpc_key + "_" +
other_role, ":", "");
+ replaceFn("channel_" + channel_id + "_" + rpc_key + "_" +
other_role, ":", "");
sending_lc.send(sendId,
"receiveMessage", to_origin, my_origin, rpc_key, message);
});
- var recvId:String = replaceFn("_channel_" + channel_id + "_" + rpc_key +
"_" + role, ":", "");
+ var recvId:String = replaceFn("channel_" + channel_id + "_" + rpc_key +
"_" + role, ":", "");
receiving_lc.connect(recvId);
if (role == "INNER") {
// In child context, trigger notice that the setup method is complete.
Modified:
shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js
URL:
http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js?rev=1099314&r1=1099313&r2=1099314&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js
(original)
+++ shindig/trunk/features/src/main/javascript/features/rpc/flash.transport.js
Wed May 4 03:23:59 2011
@@ -183,7 +183,7 @@ if (!gadgets.rpctx.flash) { // make lib
call: call,
// Methods called by relay SWF. Should be considered private.
- _receiveMessage: function(message, fromOrigin, toOrigin,
sendingSwfDomain) {
+ _receiveMessage: function(message, fromOrigin, toOrigin) {
var jsonMsg = gadgets.json.parse(message);
var channelReady = jsonMsg[SWF_CHANNEL_READY];
if (channelReady) {
