| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 /** | 5 /** |
| 6 * Authenticator class wraps the communications between Gaia and its host. | 6 * Authenticator class wraps the communications between Gaia and its host. |
| 7 */ | 7 */ |
| 8 function Authenticator() { | 8 function Authenticator() { |
| 9 } | 9 } |
| 10 | 10 |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 75 GAIA_PAGE_PATH: 'ServiceLogin?skipvpage=true&sarp=1&rm=hide', | 75 GAIA_PAGE_PATH: 'ServiceLogin?skipvpage=true&sarp=1&rm=hide', |
| 76 PARENT_PAGE: 'chrome://oobe/', | 76 PARENT_PAGE: 'chrome://oobe/', |
| 77 SERVICE_ID: 'chromeoslogin', | 77 SERVICE_ID: 'chromeoslogin', |
| 78 CONTINUE_URL: Authenticator.THIS_EXTENSION_ORIGIN + '/success.html', | 78 CONTINUE_URL: Authenticator.THIS_EXTENSION_ORIGIN + '/success.html', |
| 79 CONSTRAINED_FLOW_SOURCE: 'chrome', | 79 CONSTRAINED_FLOW_SOURCE: 'chrome', |
| 80 | 80 |
| 81 initialize: function() { | 81 initialize: function() { |
| 82 var params = getUrlSearchParams(location.search); | 82 var params = getUrlSearchParams(location.search); |
| 83 this.parentPage_ = params.parentPage || this.PARENT_PAGE; | 83 this.parentPage_ = params.parentPage || this.PARENT_PAGE; |
| 84 this.gaiaUrl_ = params.gaiaUrl || this.GAIA_URL; | 84 this.gaiaUrl_ = params.gaiaUrl || this.GAIA_URL; |
| 85 |
| 86 // Sanitize Gaia url before continuing. |
| 87 var scheme = extractProtocol(this.gaiaUrl_); |
| 88 if (scheme != 'https:' && scheme != 'http:') { |
| 89 console.error('Bad Gaia URL, url=' + this.gaiaURL_); |
| 90 return; |
| 91 } |
| 92 |
| 85 this.gaiaPath_ = params.gaiaPath || this.GAIA_PAGE_PATH; | 93 this.gaiaPath_ = params.gaiaPath || this.GAIA_PAGE_PATH; |
| 86 this.inputLang_ = params.hl; | 94 this.inputLang_ = params.hl; |
| 87 this.inputEmail_ = params.email; | 95 this.inputEmail_ = params.email; |
| 88 this.service_ = params.service || this.SERVICE_ID; | 96 this.service_ = params.service || this.SERVICE_ID; |
| 89 this.continueUrl_ = params.continueUrl || this.CONTINUE_URL; | 97 this.continueUrl_ = params.continueUrl || this.CONTINUE_URL; |
| 90 this.desktopMode_ = params.desktopMode == '1'; | 98 this.desktopMode_ = params.desktopMode == '1'; |
| 91 this.isConstrainedWindow_ = params.constrained == '1'; | 99 this.isConstrainedWindow_ = params.constrained == '1'; |
| 92 this.initialFrameUrl_ = params.frameUrl || this.constructInitialFrameUrl_(); | 100 this.initialFrameUrl_ = params.frameUrl || this.constructInitialFrameUrl_(); |
| 93 this.initialFrameUrlWithoutParams_ = stripParams(this.initialFrameUrl_); | 101 this.initialFrameUrlWithoutParams_ = stripParams(this.initialFrameUrl_); |
| 94 this.needPassword_ = params.needPassword == '1'; | 102 this.needPassword_ = params.needPassword == '1'; |
| (...skipping 377 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 472 } else if (msg.method == 'redirectToSignin' && | 480 } else if (msg.method == 'redirectToSignin' && |
| 473 this.isParentMessage_(e)) { | 481 this.isParentMessage_(e)) { |
| 474 $('gaia-frame').src = this.constructInitialFrameUrl_(); | 482 $('gaia-frame').src = this.constructInitialFrameUrl_(); |
| 475 } else { | 483 } else { |
| 476 console.error('Authenticator.onMessage: unknown message + origin!?'); | 484 console.error('Authenticator.onMessage: unknown message + origin!?'); |
| 477 } | 485 } |
| 478 } | 486 } |
| 479 }; | 487 }; |
| 480 | 488 |
| 481 Authenticator.getInstance().initialize(); | 489 Authenticator.getInstance().initialize(); |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 888173002:
cros: Restrict gaiaURL to be http and https only. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master