Require security token when calling CallbackServer via XHR.

2026-04-04 00:02:03 +08:00 · 2010-10-29 10:53:59 +08:00
parent 2e5d6f5b74
commit f7254044ee
2 changed files with 51 additions and 29 deletions
--- a/framework/src/com/phonegap/CallbackServer.java
+++ b/framework/src/com/phonegap/CallbackServer.java
@@ -71,6 +71,11 @@ public class CallbackServer implements Runnable {
 	 */
 	private boolean usePolling;
 	
+	/**
+	 * Security token to prevent other apps from accessing this callback server via XHR
+	 */
+	private String token;
+	
 	/**
 	 * Constructor.
 	 */
@@ -108,6 +113,15 @@ public class CallbackServer implements Runnable {
 		return this.port;
 	}
 	
+	/**
+	 * Get the security token that this server requires when calling getJavascript().
+	 * 
+	 * @return
+	 */
+	public String getToken() {
+		return this.token;
+	}
+	
 	/**
 	 * Start the server on a new thread.
 	 */
@@ -145,6 +159,8 @@ public class CallbackServer implements Runnable {
 			ServerSocket waitSocket = new ServerSocket(0);
 			this.port = waitSocket.getLocalPort();
 			//System.out.println(" -- using port " +this.port);
+			this.token = java.util.UUID.randomUUID().toString();
+			//System.out.println(" -- using token "+this.token);

 			 while (this.active) {
 				 //System.out.println("CallbackServer: Waiting for data on socket");
@@ -153,36 +169,39 @@ public class CallbackServer implements Runnable {
 				 DataOutputStream output = new DataOutputStream(connection.getOutputStream());
 				 request = xhrReader.readLine();
 				 //System.out.println("Request="+request);
-				 if(request.contains("GET"))
-				 {
-					 //System.out.println(" -- Processing GET request");
-					 
-					 // Wait until there is some data to send, or send empty data every 30 sec 
-					 // to prevent XHR timeout on the client 
-					 synchronized (this) { 
-						 while (this.empty) { 
-							 try { 
-								 this.wait(30000); // prevent timeout from happening
-								 //System.out.println(">>> break <<<");
-								 break;
+				 if (request.contains("GET")) {
+
+					 // Must have security token
+					 if (request.substring(5,41).equals(this.token)) {
+						 //System.out.println(" -- Processing GET request");
+
+						 // Wait until there is some data to send, or send empty data every 30 sec 
+						 // to prevent XHR timeout on the client 
+						 synchronized (this) { 
+							 while (this.empty) { 
+								 try { 
+									 this.wait(30000); // prevent timeout from happening
+									 //System.out.println(">>> break <<<");
+									 break;
+								 } 
+								 catch (Exception e) { }
 							 } 
-							 catch (Exception e) { }
-						 } 
+						 }
+
+						 // If server is still running
+						 if (this.active) {
+
+							 // If no data, then send 404 back to client before it times out
+							 if (this.empty) {
+								 //System.out.println(" -- sending data 0");
+								 output.writeBytes("HTTP/1.1 404 NO DATA\r\n\r\n");
+							 }
+							 else {
+								 //System.out.println(" -- sending item");
+								 output.writeBytes("HTTP/1.1 200 OK\r\n\r\n"+this.getJavascript());
+							 }
+						 }
 					 }
-					 
-					 // If server is still running
-					 if (this.active) {
-					
-						 // If no data, then send 404 back to client before it times out
-						 if (this.empty) {
-							 //System.out.println(" -- sending data 0");
-							 output.writeBytes("HTTP/1.1 404 NO DATA\r\n\r\n");
-						 }
-						 else {
-							 //System.out.println(" -- sending item");
-							 output.writeBytes("HTTP/1.1 200 OK\r\n\r\n"+this.getJavascript());
-						 }
-					 }					 
 				 }
 				 //System.out.println("CallbackServer: closing output");
 				 output.close();