Index: callback_server.cc |
diff --git a/callback_server.cc b/callback_server.cc |
index b5bfaee7612e5b67ef03e764d120086a8c47a72a..ac98b925c3480d2481754e6b5eb7ffa6578b2bdb 100644 |
--- a/callback_server.cc |
+++ b/callback_server.cc |
@@ -12,6 +12,8 @@ namespace entd { |
using std::string; |
+std::string CallbackServer::session_id_; |
+ |
namespace { |
// Max 1k request entity |
const int kMaxRequestSize = 1024; |
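Review bot: `session_id_` is default-constructed to an empty string at this definition, and nothing visible in the diff shows where it is assigned. Until it is set, the check added in OnRequest (`header != session_id_`) would accept a request whose X-Entd-Session-Id header is present but empty. Consider failing closed there, `if (session_id_.empty() || !header || header != session_id_) {`. A short comment on this line saying who sets the value and when would also help, for example `// Set once at startup by <setter>; empty means no session is established and all requests are rejected.`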
@@ -32,9 +34,6 @@ const uint32_t kMaxPort = 5999; |
// Incoming requests must have this content type |
const std::string kContentType = "application/json; charset=UTF-8"; |
-// Default value of request_header_value_ |
-const std::string kDefaultRequestHeaderValue = "magic"; |
- |
// Callback functions must have this prefix, so we can avoid dispatching |
// against default properties that aren't actually intended to be callbacks. |
const std::string kCallbackPrefix = "cb:"; |
@@ -108,22 +107,6 @@ v8::Handle<v8::Value> dispatch_Stop(const v8::Arguments& args) { |
return v8::Undefined(); |
} |
-// Called by v8 when someone trys to read from callbackServer.requestHeaderValue |
-v8::Handle<v8::Value> dispatch_GetRequestHeaderValue( |
- v8::Local<v8::String> name, |
- const v8::AccessorInfo& info) { |
- CallbackServer* cs = CallbackServer::Unwrap(info.Holder()); |
- return v8::String::New(cs->request_header_value().c_str()); |
-} |
- |
-// Called by v8 when someone trys to assign to callbackServer.requestHeaderValue |
-void dispatch_SetRequestHeaderValue(v8::Local<v8::String> name, |
- v8::Local<v8::Value> value, |
- const v8::AccessorInfo& info) { |
- CallbackServer* cs = CallbackServer::Unwrap(info.Holder()); |
- cs->set_request_header_value(*v8::String::Utf8Value(value)); |
-} |
- |
} // namespace |
std::string CallbackServer::required_origin = ""; |
@@ -131,7 +114,6 @@ std::string CallbackServer::required_origin = ""; |
CallbackServer::CallbackServer(Entd* entd) |
: busy_(false), |
entd_(entd), |
- request_header_value_(kDefaultRequestHeaderValue), |
evhttp_(NULL) |
{} |
@@ -147,9 +129,6 @@ void CallbackServer::SetTemplateBindings( |
v8::FunctionTemplate::New(dispatch_Start)); |
template_object->Set(v8::String::NewSymbol("stop"), |
v8::FunctionTemplate::New(dispatch_Stop)); |
- template_object->SetAccessor(v8::String::NewSymbol("requestHeaderValue"), |
- dispatch_GetRequestHeaderValue, |
- dispatch_SetRequestHeaderValue); |
} |
void CallbackServer::OnRequest(struct evhttp_request* request) { |
@@ -183,12 +162,12 @@ void CallbackServer::OnRequest(struct evhttp_request* request) { |
return; |
} |
- // This header must be present, since Chrome's XMLHttpRequest object |
- // won't let you set an unknown header for cross domain XHR. |
- header = evhttp_find_header(request->input_headers, "X-Entd-Request"); |
- if (!header || strcmp(request_header_value_.c_str(), header) != 0) { |
- LOG(ERROR) << "Bad or missing X-Entd-Request header"; |
- evhttp_send_error(request, kHttpBadRequest, "Bad X-Entd-Request header"); |
+ // Check the session ID. |
+ header = evhttp_find_header(request->input_headers, "X-Entd-Session-Id"); |
+ if (!header || header != session_id_) { |
+ LOG(ERROR) << "Bad or missing X-Entd-Session-Id header: " << header; |
+ evhttp_send_error(request, kHttpBadRequest, |
+ "Bad or missing session id header"); |
return; |
} |
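Review bot: The added `LOG(ERROR) << "...: " << header;` also runs on the `!header` branch, so a request without the header streams a null `const char*` into the log stream, which is undefined behaviour. It also copies a request-controlled value into the log unescaped, so a near-miss of the real session ID could end up on disk. A fixed message avoids both: `LOG(ERROR) << "Bad or missing X-Entd-Session-Id header";`. Separately, `header != session_id_` is an early-exit comparison; if the session ID is the only thing authenticating the caller, a constant-time comparison would be the safer choice. OnRequest begins and continues outside this hunk.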