Reviewers: Ray Ryan, Description: Description: =========== Firefox 3.5 allows cross site XHR requests without any way to disable the option. Only the server can deny the request.
Fix: ==== Fixed RequestBuilderTest to check for FF3.5. We currently do the same for Safari 2, which fails silently. Please review this at http://gwt-code-reviews.appspot.com/73802 Affected files: user/test/com/google/gwt/http/client/RequestBuilderTest.java Index: user/test/com/google/gwt/http/client/RequestBuilderTest.java =================================================================== --- user/test/com/google/gwt/http/client/RequestBuilderTest.java (revision 6245) +++ user/test/com/google/gwt/http/client/RequestBuilderTest.java (working copy) @@ -45,6 +45,25 @@ return ua.indexOf("webkit") != -1; }-*/; + /** + * HACK: Part of a work around for FF 3.5's failure to throw an exception when + * an XmlHttpRequest that violates the same origin policy is made. + */ + private static native boolean isFirefox35() /*-{ + var ua = navigator.userAgent.toLowerCase(); + if (ua.indexOf("gecko") == -1) { + return false; + } + var result = /firefox\/([0-9]+\.[0-9]+)/.exec(ua.toLowerCase()); + if (result && result.length == 2) { + var version = parseFloat(result[1]); + if (version >= 3.5) { + return true; + } + } + return false; + }-*/; + @Override public String getModuleName() { return "com.google.gwt.http.RequestBuilderTest"; @@ -109,13 +128,17 @@ } }); - if (isSafari()) { + if (isSafari() || isFirefox35()) { /* * HACK: Safari 2.0.4 will not throw an exception for XHR's that violate * the same-origin policy. It appears to silently ignore them so we do * not fail this test if we are on Safari and the * RequestPermissionException is not thrown. Even though Safari 3.0.4 * does throw an exception in this case, we exclude it anyway. + * + * FF3.5 allows XHR's to violate the same-origin policy and offers no + * way to disable the feature from the client. Only the server can block + * the same origin policy. */ } else { /* --~--~---------~--~----~------------~-------~--~----~ http://groups.google.com/group/Google-Web-Toolkit-Contributors -~----------~----~----~----~------~----~------~--~---