8004562: Better support for crossdomain.xml
Reviewed-by: herrick, ngthomas, chegar
This commit is contained in:
Nikolay Gorshkov
parent
a265181b1e
commit
6609c71505
@ -541,9 +541,11 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
|||||||
* to last and last, respectively, in the case of a POST
|
* to last and last, respectively, in the case of a POST
|
||||||
* request.
|
* request.
|
||||||
*/
|
*/
|
||||||
if (!failedOnce)
|
if (!failedOnce) {
|
||||||
|
checkURLFile();
|
||||||
requests.prepend(method + " " + getRequestURI()+" " +
|
requests.prepend(method + " " + getRequestURI()+" " +
|
||||||
httpVersion, null);
|
httpVersion, null);
|
||||||
|
}
|
||||||
if (!getUseCaches()) {
|
if (!getUseCaches()) {
|
||||||
requests.setIfNotSet ("Cache-Control", "no-cache");
|
requests.setIfNotSet ("Cache-Control", "no-cache");
|
||||||
requests.setIfNotSet ("Pragma", "no-cache");
|
requests.setIfNotSet ("Pragma", "no-cache");
|
||||||
@ -554,7 +556,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
|||||||
if (port != -1 && port != url.getDefaultPort()) {
|
if (port != -1 && port != url.getDefaultPort()) {
|
||||||
host += ":" + String.valueOf(port);
|
host += ":" + String.valueOf(port);
|
||||||
}
|
}
|
||||||
requests.setIfNotSet("Host", host);
|
String reqHost = requests.findValue("Host");
|
||||||
|
if (reqHost == null ||
|
||||||
|
(!reqHost.equalsIgnoreCase(host) && !checkSetHost()))
|
||||||
|
{
|
||||||
|
requests.set("Host", host);
|
||||||
|
}
|
||||||
requests.setIfNotSet("Accept", acceptString);
|
requests.setIfNotSet("Accept", acceptString);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -671,6 +678,44 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private boolean checkSetHost() {
|
||||||
|
SecurityManager s = System.getSecurityManager();
|
||||||
|
if (s != null) {
|
||||||
|
String name = s.getClass().getName();
|
||||||
|
if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
|
||||||
|
name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
|
||||||
|
name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
|
||||||
|
name.equals("sun.plugin.security.ActivatorSecurityManager"))
|
||||||
|
{
|
||||||
|
int CHECK_SET_HOST = -2;
|
||||||
|
try {
|
||||||
|
s.checkConnect(url.toExternalForm(), CHECK_SET_HOST);
|
||||||
|
} catch (SecurityException ex) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
private void checkURLFile() {
|
||||||
|
SecurityManager s = System.getSecurityManager();
|
||||||
|
if (s != null) {
|
||||||
|
String name = s.getClass().getName();
|
||||||
|
if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
|
||||||
|
name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
|
||||||
|
name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
|
||||||
|
name.equals("sun.plugin.security.ActivatorSecurityManager"))
|
||||||
|
{
|
||||||
|
int CHECK_SUBPATH = -3;
|
||||||
|
try {
|
||||||
|
s.checkConnect(url.toExternalForm(), CHECK_SUBPATH);
|
||||||
|
} catch (SecurityException ex) {
|
||||||
|
throw new SecurityException("denied access outside a permitted URL subpath", ex);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a new HttpClient object, bypassing the cache of
|
* Create a new HttpClient object, bypassing the cache of
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user