changeset 9004:484e16c0a040 jdk8-b123
8004562: Better support for crossdomain.xml
Reviewed-by: herrick, ngthomas, chegar
author | nikgor |
---|---|
date | Tue, 07 Jan 2014 12:17:36 -0800 |
parents | 7e10ee00fe41 |
children | 13b28cffa140 9683419eddef db6e25fee0f7 |
files | src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java |
diffstat | 1 files changed, 47 insertions(+), 2 deletions(-) [+] |
--- a/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Fri Jan 03 11:54:59 2014 -0800
+++ b/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Tue Jan 07 12:17:36 2014 -0800
@@ -541,9 +541,11 @@
 * to last and last, respectively, in the case of a POST
 * request.
 */
- if (!failedOnce)
+ if (!failedOnce) {
+ checkURLFile();
 requests.prepend(method + " " + getRequestURI()+" " +
 httpVersion, null);
+ }
 if (!getUseCaches()) {
 requests.setIfNotSet ("Cache-Control", "no-cache");
 requests.setIfNotSet ("Pragma", "no-cache");
@@ -554,7 +556,12 @@
 if (port != -1 && port != url.getDefaultPort()) {
 host += ":" + String.valueOf(port);
 }
- requests.setIfNotSet("Host", host);
+ String reqHost = requests.findValue("Host");
+ if (reqHost == null ||
+ (!reqHost.equalsIgnoreCase(host) && !checkSetHost()))
+ {
+ requests.set("Host", host);
+ }
 requests.setIfNotSet("Accept", acceptString);
 /*
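Review bot: In the first hunk (`@@ -541,9 +541,11 @@`) the new `checkURLFile()` call sits inside `if (!failedOnce)` with no comment saying what it enforces or that it can throw. The helper rethrows an unchecked `SecurityException`, which now escapes from this header-writing code; the enclosing method starts and ends outside the hunk, so any caller there that only anticipates `IOException` should be checked. I would add a line above the call such as `// crossdomain.xml: reject a request outside the permitted URL subpath before the request line is queued (throws SecurityException)`.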
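Review bot: In the second hunk (`@@ -554,7 +556,12 @@`) the `Host` condition packs three outcomes into one expression and explains none of them: no header yet, a caller-supplied header equal to the URL authority, and a differing one that is kept only if `checkSetHost()` allows it. Because `checkSetHost()` returns `true` whenever the installed security manager is not one of the four named classes, a differing caller-supplied `Host` is still sent unchanged in every other environment, which matches the old `setIfNotSet` behaviour but is not obvious at this line. A comment such as `// keep a caller-supplied Host that differs from the URL only if the security manager permits it; otherwise force the URL's host[:port]` would make that explicit. The comparison is also purely textual, so a value that spells out the default port is treated as different from `host`.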
@@ -671,6 +678,44 @@
 }
 }
+ private boolean checkSetHost() {
+ SecurityManager s = System.getSecurityManager();
+ if (s != null) {
+ String name = s.getClass().getName();
+ if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
+ name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
+ name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
+ name.equals("sun.plugin.security.ActivatorSecurityManager"))
+ {
+ int CHECK_SET_HOST = -2;
+ try {
+ s.checkConnect(url.toExternalForm(), CHECK_SET_HOST);
+ } catch (SecurityException ex) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+
+ private void checkURLFile() {
+ SecurityManager s = System.getSecurityManager();
+ if (s != null) {
+ String name = s.getClass().getName();
+ if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
+ name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
+ name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
+ name.equals("sun.plugin.security.ActivatorSecurityManager"))
+ {
+ int CHECK_SUBPATH = -3;
+ try {
+ s.checkConnect(url.toExternalForm(), CHECK_SUBPATH);
+ } catch (SecurityException ex) {
+ throw new SecurityException("denied access outside a permitted URL subpath", ex);
+ }
+ }
+ }
+ }
 /**
 * Create a new HttpClient object, bypassing the cache of
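Review bot: Both new helpers decide whether to enforce the check by comparing `s.getClass().getName()` with four hard-coded strings, so a subclass of, or a delegating wrapper around, one of those managers would not match and the check would be skipped with no signal (`checkSetHost()` returns `true`, `checkURLFile()` returns normally). The list is duplicated verbatim in the two methods, and the selector values `-2` and `-3` passed as the `port` argument of `checkConnect` are declared as constant-styled locals with no explanation of the convention. I would move the name test into one private helper, hoist the two selectors to `private static final` fields with a comment on the out-of-band port convention, and state on the helper that an unrecognised manager means the check is not applied. The sketch below shows `checkSetHost()`; `checkURLFile()` would use the same guard.

```java
// Negative "port" values are selectors understood only by the deployment security managers below.
private static final int CHECK_SET_HOST = -2;
private static final int CHECK_SUBPATH = -3;

// True only for managers known to interpret the selectors; for any other manager the check is not applied.
private static boolean understandsSelectors(SecurityManager s) {
    String name = s.getClass().getName();
    return name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
           name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
           name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
           name.equals("sun.plugin.security.ActivatorSecurityManager");
}

private boolean checkSetHost() {
    SecurityManager s = System.getSecurityManager();
    if (s != null && understandsSelectors(s)) {
        // … unchanged: try/catch around s.checkConnect(url.toExternalForm(), CHECK_SET_HOST), returning false on SecurityException …
    }
    return true;
}

// … checkURLFile(): same guard, with CHECK_SUBPATH and the existing rethrow …
```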