Brian Slesinsky has uploaded a new change for review.
https://gwt-review.googlesource.com/2480
Change subject: By default, disable Super Dev Mode on https pages. This
should make it safer to leave the Super Dev Mode hook on all the time when
the production server uses https.
......................................................................
By default, disable Super Dev Mode on https pages.
This should make it safer to leave the Super Dev Mode hook on all the time
when the production server uses https.
New API: CrossSiteIframeLinker.getJsDevModeRedirectHookPermitted() can be
overridden to change the JavaScript expression that does the check.
See issue 7538.
Change-Id: Ic603c9e511a766cd4c89b15f7561a254070c6ac5
---
M dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
M dev/core/src/com/google/gwt/core/linker/DevModeRedirectHook.js
2 files changed, 48 insertions(+), 24 deletions(-)
diff --git
a/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
b/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
index 8e59403..561f384 100644
--- a/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
+++ b/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
@@ -96,6 +96,8 @@
includeJs(ss, logger,
getJsLoadExternalStylesheets(context), "__LOAD_STYLESHEETS__");
includeJs(ss, logger, getJsRunAsync(context), "__RUN_ASYNC__");
includeJs(ss, logger,
getJsDevModeRedirectHook(context), "__DEV_MODE_REDIRECT_HOOK__");
+ includeJs(ss, logger, getJsDevModeRedirectHookPermitted(context),
+ "__DEV_MODE_REDIRECT_HOOK_PERMITTED__"); // must be after
DEV_MODE_REDIRECT_HOOK
// This Linker does not support <script> tags in the gwt.xml
SortedSet<ScriptReference> scripts =
artifacts.find(ScriptReference.class);
@@ -223,7 +225,8 @@
}
/**
- * Returns a code fragment to check for the new development mode.
+ * Returns a JavaScript fragment that starts Super Dev Mode, if enabled.
+ * (May return either the JavaScript itself or the name of a Java
resource ending with ".js".)
*/
protected String getJsDevModeRedirectHook(LinkerContext context) {
// Enable Super Dev Mode for this app if the devModeRedirectEnabled
config property is true.
@@ -236,6 +239,24 @@
}
/**
+ * Returns a JavaScript expression that determines whether Super Dev
Mode may be turned on
+ * for the current page. (May return either the JavaScript itself or the
name of a Java resource
+ * ending with ".js".)
+ *
+ * <p>The default implementation disallows Super Dev Mode on https
pages. It could be overridden
+ * to implement a blacklist or whitelist of hostnames where Super Dev
Mode may run. As a safety
+ * precaution, it's recommended to return false for https and for the
hostnames in URL's visited
+ * by end users.
+ *
+ * <p>If you override this method to allow https, it probably won't work
because
+ * browsers often disallow loading JavaScript from http URL's into https
pages. To make it work,
+ * you would also have to find a way to run the code server using https.
+ */
+ protected String getJsDevModeRedirectHookPermitted(LinkerContext
context) {
+ return "$wnd.location.protocol != \"https\"";
+ }
+
+ /**
* Returns the name of the {@code JsInstallLocation} script. By default,
* returns
{@code "com/google/gwt/core/ext/linker/impl/installLocationIframe.js"}.
*
diff --git a/dev/core/src/com/google/gwt/core/linker/DevModeRedirectHook.js
b/dev/core/src/com/google/gwt/core/linker/DevModeRedirectHook.js
index a5026f2..753e436 100644
--- a/dev/core/src/com/google/gwt/core/linker/DevModeRedirectHook.js
+++ b/dev/core/src/com/google/gwt/core/linker/DevModeRedirectHook.js
@@ -14,35 +14,38 @@
* the License.
*/
-// A snippet of code that loads a different script if dev mode is enabled.
-
-// Declare our existence.
-// (This assumes that properties.js has already set up the map.)
+// A snippet of code that loads a different script if Super Dev Mode is
enabled.
if ($wnd) {
- $wnd.__gwt_activeModules["__MODULE_NAME__"].canRedirect = true;
-}
+ var devModePermitted = !!(__DEV_MODE_REDIRECT_HOOK_PERMITTED__);
-// We use a different key for each module so that we can turn on dev mode
-// independently for each.
-var devModeKey = '__gwtDevModeHook:__MODULE_NAME__';
+ // Declare our existence.
+ // (This assumes that properties.js has already set up the map.)
+ $wnd.__gwt_activeModules["__MODULE_NAME__"].canRedirect =
devModePermitted;
-// If dev mode is on, the Bookmarklet previously saved the code server's
URL
-// to session storage.
-var devModeUrl = $wnd.sessionStorage[devModeKey];
+ if (devModePermitted) {
+ // We use a different key for each module so that we can turn on dev
mode
+ // independently for each.
+ var devModeKey = '__gwtDevModeHook:__MODULE_NAME__';
-if (devModeUrl && !$wnd[devModeKey]) {
- $wnd[devModeKey] = true; // Don't try to redirect more than once,
- var script = $doc.createElement('script');
+ // If dev mode is on, the bookmarklet previously saved the code
server's URL
+ // to session storage.
+ var devModeUrl = $wnd.sessionStorage[devModeKey];
- // save original module base
- $wnd[devModeKey + ':moduleBase'] = computeScriptBase();
+ if (devModeUrl && !$wnd[devModeKey]) {
+ $wnd[devModeKey] = true; // Don't try to redirect more than once,
- script.src = devModeUrl;
- var head = $doc.getElementsByTagName('head')[0];
+ // Save the original module base. (Returned by GWT.getModuleBaseURL.)
+ $wnd[devModeKey + ':moduleBase'] = computeScriptBase();
- // The new script tag must come before the previous one so that
- // computeScriptBase will see it.
- head.insertBefore(script, head.firstElementChild || head.children[0]);
+ var devModeScript = $doc.createElement('script');
+ devModeScript.src = devModeUrl;
- return false; // Skip the regular bootstrap.
+ // The new script tag must come before the previous one so that
+ // computeScriptBase will see it.
+ var head = $doc.getElementsByTagName('head')[0];
+ head.insertBefore(devModeScript, head.firstElementChild ||
head.children[0]);
+
+ return false; // Skip the regular bootstrap.
+ }
+ }
}
--
To view, visit https://gwt-review.googlesource.com/2480
To unsubscribe, visit https://gwt-review.googlesource.com/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic603c9e511a766cd4c89b15f7561a254070c6ac5
Gerrit-PatchSet: 1
Gerrit-Project: gwt
Gerrit-Branch: master
Gerrit-Owner: Brian Slesinsky <[email protected]>
--
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
---
You received this message because you are subscribed to the Google Groups "Google Web Toolkit Contributors" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
