mirror of
https://github.com/TelegramMessenger/Telegram-iOS.git
synced 2026-07-06 03:33:41 +02:00
Make origin check optional
This commit is contained in:
parent
00f87c7b6e
commit
b222387923
2 changed files with 31 additions and 3 deletions
|
|
@ -516,7 +516,12 @@ public final class WebAppController: ViewController, AttachmentContainable {
|
|||
return
|
||||
}
|
||||
#endif*/
|
||||
self.webView?.bindTrustedOrigin(from: url)
|
||||
|
||||
if !"".isEmpty {
|
||||
self.webView?.bindTrustedOrigin(from: url)
|
||||
} else {
|
||||
self.webView?.setupEventProxySource()
|
||||
}
|
||||
self.webView?.load(URLRequest(url: url))
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -43,7 +43,19 @@ private func jsStringLiteral(_ value: String) -> String {
|
|||
return "\"\""
|
||||
}
|
||||
|
||||
private func eventProxySource(trustedOrigin: String) -> String {
|
||||
private func eventProxySource() -> String {
|
||||
return """
|
||||
(function() {
|
||||
var TelegramWebviewProxyProto = function() {};
|
||||
TelegramWebviewProxyProto.prototype.postEvent = function(eventName, eventData) {
|
||||
window.webkit.messageHandlers.performAction.postMessage({'eventName': eventName, 'eventData': eventData});
|
||||
};
|
||||
window.TelegramWebviewProxy = new TelegramWebviewProxyProto();
|
||||
})();
|
||||
"""
|
||||
}
|
||||
|
||||
private func securedEventProxySource(trustedOrigin: String) -> String {
|
||||
return """
|
||||
(function() {
|
||||
if (window.location.origin !== \(jsStringLiteral(trustedOrigin))) {
|
||||
|
|
@ -202,6 +214,7 @@ final class WebAppWebView: WKWebView {
|
|||
print()
|
||||
}
|
||||
|
||||
var useSecuredEventProxy = true
|
||||
func bindTrustedOrigin(from url: URL) {
|
||||
guard self.trustedOrigin == nil else {
|
||||
return
|
||||
|
|
@ -212,7 +225,14 @@ final class WebAppWebView: WKWebView {
|
|||
|
||||
self.trustedOrigin = origin
|
||||
|
||||
let eventProxyScript = WKUserScript(source: eventProxySource(trustedOrigin: origin), injectionTime: .atDocumentStart, forMainFrameOnly: true)
|
||||
let eventProxyScript = WKUserScript(source: securedEventProxySource(trustedOrigin: origin), injectionTime: .atDocumentStart, forMainFrameOnly: true)
|
||||
self.configuration.userContentController.addUserScript(eventProxyScript)
|
||||
}
|
||||
|
||||
func setupEventProxySource() {
|
||||
self.useSecuredEventProxy = false
|
||||
|
||||
let eventProxyScript = WKUserScript(source: eventProxySource(), injectionTime: .atDocumentStart, forMainFrameOnly: true)
|
||||
self.configuration.userContentController.addUserScript(eventProxyScript)
|
||||
}
|
||||
|
||||
|
|
@ -220,6 +240,9 @@ final class WebAppWebView: WKWebView {
|
|||
guard message.frameInfo.isMainFrame else {
|
||||
return false
|
||||
}
|
||||
if !self.useSecuredEventProxy {
|
||||
return true
|
||||
}
|
||||
guard let trustedOrigin = self.trustedOrigin else {
|
||||
return false
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue