Wapp

Check-in [8b769e4771]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Improvements to the same-origin detection logic.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:8b769e47710ef1cbd8ee002bedcf701aebd30dd9a86ed4ce3e2c250925eed672
User & Date: drh 2018-02-07 20:00:11
Context
2018-02-07
23:53
Fix documentation typos reported by Andreas Kupries. check-in: 7afff168cb user: drh tags: trunk
20:00
Improvements to the same-origin detection logic. check-in: 8b769e4771 user: drh tags: trunk
18:33
More documentation updates check-in: f6b7dbaa54 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to wapp.tcl.

610
611
612
613
614
615
616

617
618
619
620
621
622

623
624
625
626
627
628
629
      set qsplit [split [string trim $qterm] =]
      set nm [lindex $qsplit 0]
      if {[regexp {^[a-z][-a-z0-9_]*$} $nm]} {
        dict set wapp $nm [wappInt-decode-url [lindex $qsplit 1]]
      }
    }
  }

  if {[dict exists $wapp HTTP_REFERER]
   && [string match [dict get $wapp BASE_URL]/* [dict get $wapp HTTP_REFERER]]
  } {
    set same_origin 1
  } else {
    set same_origin 0

  }
  dict set wapp SAME_ORIGIN $same_origin
  if {$same_origin} {
    wappInt-decode-query-params
  }

  # Invoke the application-defined handler procedure for this page







>
|
|
<
|
|
|
>







610
611
612
613
614
615
616
617
618
619

620
621
622
623
624
625
626
627
628
629
630
      set qsplit [split [string trim $qterm] =]
      set nm [lindex $qsplit 0]
      if {[regexp {^[a-z][-a-z0-9_]*$} $nm]} {
        dict set wapp $nm [wappInt-decode-url [lindex $qsplit 1]]
      }
    }
  }
  set same_origin 0
  if {[dict exists $wapp HTTP_REFERER]} {
    set referer [dict get $wapp HTTP_REFERER]

    set base [dict get $wapp BASE_URL]
    if {$referer==$base || [string match $base/* $referer]} {
      set same_origin 1
    }
  }
  dict set wapp SAME_ORIGIN $same_origin
  if {$same_origin} {
    wappInt-decode-query-params
  }

  # Invoke the application-defined handler procedure for this page