Add osRequestURL and osRequestSecureURL with an options list.

Only currently supported option is "allowXss" which will send the needed Access-control-allow-origin: * header to allow xss scripting against the LSL http server.
author: Melanie Thielker 2016-03-16 20:04:52 +0100
committer: Melanie Thielker 2016-03-16 20:04:52 +0100
commit: e8b46023e47399e9dcc0057a4380ca4fe49908ee (patch)
tree: aa384c79130605f8e5740f689a81226cc47f9335 /OpenSim/Region/CoreModules/Scripting
parent: Implement Access-Control-Allow-Origin for HTTP LSL server (diff)
download: opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.zip
opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.gz
opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.bz2
opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.xz
1 files changed, 12 insertions, 3 deletions
diff --git a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
index fffd640..f563c68 100644
--- a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
+++ b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs
@@ -52,6 +52,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
        public Dictionary<UUID, RequestData> requests;
        public bool isSsl;
        public Scene scene;
+        public bool allowXss;
    }
    public class RequestData
@@ -192,7 +193,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
        {
        }
-        public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID)
+        public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options)
        {
            UUID urlcode = UUID.Random();
@@ -214,6 +215,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
                urlData.isSsl = false;
                urlData.requests = new Dictionary<UUID, RequestData>();
                urlData.scene = host.ParentGroup.Scene;
+                urlData.allowXss = false;
+                if (options != null && options["allowXss"] != null)
+                    urlData.allowXss = true;
                m_UrlMap[url] = urlData;
                
@@ -234,7 +239,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
            return urlcode;
        }
-        public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID)
+        public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options)
        {
            UUID urlcode = UUID.Random();
@@ -261,7 +266,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
                urlData.urlcode = urlcode;
                urlData.isSsl = true;
                urlData.requests = new Dictionary<UUID, RequestData>();
+                urlData.allowXss = false;
+                if (options != null && options["allowXss"] != null)
+                    urlData.allowXss = true;
                
                m_UrlMap[url] = urlData;
                
@@ -559,7 +567,8 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
            response["keepalive"] = false;
            response["reusecontext"] = false;
-                        response["access_control_allow_origin"] = "*";
+            if (url.allowXss)
+                response["access_control_allow_origin"] = "*";
            
            //remove from map
            lock (url.requests)
author	Melanie Thielker	2016-03-16 20:04:52 +0100
committer	Melanie Thielker	2016-03-16 20:04:52 +0100
commit	e8b46023e47399e9dcc0057a4380ca4fe49908ee (patch)
tree	aa384c79130605f8e5740f689a81226cc47f9335 /OpenSim/Region/CoreModules/Scripting
parent	Implement Access-Control-Allow-Origin for HTTP LSL server (diff)
download	opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.zip opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.gz opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.bz2 opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.xz