diff options
author | Melanie Thielker | 2016-03-16 20:04:52 +0100 |
---|---|---|
committer | Melanie Thielker | 2016-03-16 20:04:52 +0100 |
commit | e8b46023e47399e9dcc0057a4380ca4fe49908ee (patch) | |
tree | aa384c79130605f8e5740f689a81226cc47f9335 /OpenSim/Region/CoreModules | |
parent | Implement Access-Control-Allow-Origin for HTTP LSL server (diff) | |
download | opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.zip opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.gz opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.bz2 opensim-SC_OLD-e8b46023e47399e9dcc0057a4380ca4fe49908ee.tar.xz |
Add osRequestURL and osRequestSecureURL with an options list.
Only currently supported option is "allowXss" which will send the needed
Access-control-allow-origin: * header to allow xss scripting against
the LSL http server.
Diffstat (limited to 'OpenSim/Region/CoreModules')
-rw-r--r-- | OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs index fffd640..f563c68 100644 --- a/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs +++ b/OpenSim/Region/CoreModules/Scripting/LSLHttp/UrlModule.cs | |||
@@ -52,6 +52,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
52 | public Dictionary<UUID, RequestData> requests; | 52 | public Dictionary<UUID, RequestData> requests; |
53 | public bool isSsl; | 53 | public bool isSsl; |
54 | public Scene scene; | 54 | public Scene scene; |
55 | public bool allowXss; | ||
55 | } | 56 | } |
56 | 57 | ||
57 | public class RequestData | 58 | public class RequestData |
@@ -192,7 +193,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
192 | { | 193 | { |
193 | } | 194 | } |
194 | 195 | ||
195 | public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID) | 196 | public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options) |
196 | { | 197 | { |
197 | UUID urlcode = UUID.Random(); | 198 | UUID urlcode = UUID.Random(); |
198 | 199 | ||
@@ -214,6 +215,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
214 | urlData.isSsl = false; | 215 | urlData.isSsl = false; |
215 | urlData.requests = new Dictionary<UUID, RequestData>(); | 216 | urlData.requests = new Dictionary<UUID, RequestData>(); |
216 | urlData.scene = host.ParentGroup.Scene; | 217 | urlData.scene = host.ParentGroup.Scene; |
218 | urlData.allowXss = false; | ||
219 | |||
220 | if (options != null && options["allowXss"] != null) | ||
221 | urlData.allowXss = true; | ||
217 | 222 | ||
218 | m_UrlMap[url] = urlData; | 223 | m_UrlMap[url] = urlData; |
219 | 224 | ||
@@ -234,7 +239,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
234 | return urlcode; | 239 | return urlcode; |
235 | } | 240 | } |
236 | 241 | ||
237 | public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID) | 242 | public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options) |
238 | { | 243 | { |
239 | UUID urlcode = UUID.Random(); | 244 | UUID urlcode = UUID.Random(); |
240 | 245 | ||
@@ -261,7 +266,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
261 | urlData.urlcode = urlcode; | 266 | urlData.urlcode = urlcode; |
262 | urlData.isSsl = true; | 267 | urlData.isSsl = true; |
263 | urlData.requests = new Dictionary<UUID, RequestData>(); | 268 | urlData.requests = new Dictionary<UUID, RequestData>(); |
269 | urlData.allowXss = false; | ||
264 | 270 | ||
271 | if (options != null && options["allowXss"] != null) | ||
272 | urlData.allowXss = true; | ||
265 | 273 | ||
266 | m_UrlMap[url] = urlData; | 274 | m_UrlMap[url] = urlData; |
267 | 275 | ||
@@ -559,7 +567,8 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp | |||
559 | response["keepalive"] = false; | 567 | response["keepalive"] = false; |
560 | response["reusecontext"] = false; | 568 | response["reusecontext"] = false; |
561 | 569 | ||
562 | response["access_control_allow_origin"] = "*"; | 570 | if (url.allowXss) |
571 | response["access_control_allow_origin"] = "*"; | ||
563 | 572 | ||
564 | //remove from map | 573 | //remove from map |
565 | lock (url.requests) | 574 | lock (url.requests) |