Add osRequestURL and osRequestSecureURL with an options list.
Only currently supported option is "allowXss" which will send the needed Access-control-allow-origin: * header to allow xss scripting against the LSL http server.LSLKeyTest
parent
efa21156f3
commit
e8b46023e4
|
@ -52,6 +52,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
|
|||
public Dictionary<UUID, RequestData> requests;
|
||||
public bool isSsl;
|
||||
public Scene scene;
|
||||
public bool allowXss;
|
||||
}
|
||||
|
||||
public class RequestData
|
||||
|
@ -192,7 +193,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
|
|||
{
|
||||
}
|
||||
|
||||
public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID)
|
||||
public UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options)
|
||||
{
|
||||
UUID urlcode = UUID.Random();
|
||||
|
||||
|
@ -214,6 +215,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
|
|||
urlData.isSsl = false;
|
||||
urlData.requests = new Dictionary<UUID, RequestData>();
|
||||
urlData.scene = host.ParentGroup.Scene;
|
||||
urlData.allowXss = false;
|
||||
|
||||
if (options != null && options["allowXss"] != null)
|
||||
urlData.allowXss = true;
|
||||
|
||||
m_UrlMap[url] = urlData;
|
||||
|
||||
|
@ -234,7 +239,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
|
|||
return urlcode;
|
||||
}
|
||||
|
||||
public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID)
|
||||
public UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options)
|
||||
{
|
||||
UUID urlcode = UUID.Random();
|
||||
|
||||
|
@ -261,7 +266,10 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
|
|||
urlData.urlcode = urlcode;
|
||||
urlData.isSsl = true;
|
||||
urlData.requests = new Dictionary<UUID, RequestData>();
|
||||
urlData.allowXss = false;
|
||||
|
||||
if (options != null && options["allowXss"] != null)
|
||||
urlData.allowXss = true;
|
||||
|
||||
m_UrlMap[url] = urlData;
|
||||
|
||||
|
@ -559,6 +567,7 @@ namespace OpenSim.Region.CoreModules.Scripting.LSLHttp
|
|||
response["keepalive"] = false;
|
||||
response["reusecontext"] = false;
|
||||
|
||||
if (url.allowXss)
|
||||
response["access_control_allow_origin"] = "*";
|
||||
|
||||
//remove from map
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
using System.Collections;
|
||||
using System.Collections.Generic;
|
||||
using OpenMetaverse;
|
||||
using OpenSim.Framework;
|
||||
|
@ -35,8 +36,8 @@ namespace OpenSim.Region.Framework.Interfaces
|
|||
public interface IUrlModule
|
||||
{
|
||||
string ExternalHostNameForLSL { get; }
|
||||
UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID);
|
||||
UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID);
|
||||
UUID RequestURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options);
|
||||
UUID RequestSecureURL(IScriptModule engine, SceneObjectPart host, UUID itemID, Hashtable options);
|
||||
void ReleaseURL(string url);
|
||||
void HttpResponse(UUID request, int status, string body);
|
||||
void HttpContentType(UUID request, string type);
|
||||
|
|
|
@ -12039,7 +12039,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
|||
{
|
||||
m_host.AddScriptLPS(1);
|
||||
if (m_UrlModule != null)
|
||||
return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID).ToString();
|
||||
return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, null).ToString();
|
||||
return UUID.Zero.ToString();
|
||||
}
|
||||
|
||||
|
@ -12157,7 +12157,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
|||
m_host.AddScriptLPS(1);
|
||||
|
||||
if (m_UrlModule != null)
|
||||
return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID).ToString();
|
||||
return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, null).ToString();
|
||||
return UUID.Zero.ToString();
|
||||
}
|
||||
|
||||
|
|
|
@ -4134,5 +4134,41 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
public LSL_String osRequestURL(LSL_List options)
|
||||
{
|
||||
CheckThreatLevel(ThreatLevel.Moderate, "osRequestSecureURL");
|
||||
m_host.AddScriptLPS(1);
|
||||
|
||||
Hashtable opts = new Hashtable();
|
||||
for (int i = 0 ; i < options.Length ; i++)
|
||||
{
|
||||
object opt = options.Data[i];
|
||||
if (opt.ToString() == "allowXss")
|
||||
opts["allowXss"] = true;
|
||||
}
|
||||
|
||||
if (m_UrlModule != null)
|
||||
return m_UrlModule.RequestURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, opts).ToString();
|
||||
return UUID.Zero.ToString();
|
||||
}
|
||||
|
||||
public LSL_String osRequestSecureURL(LSL_List options)
|
||||
{
|
||||
CheckThreatLevel(ThreatLevel.Moderate, "osRequestSecureURL");
|
||||
m_host.AddScriptLPS(1);
|
||||
|
||||
Hashtable opts = new Hashtable();
|
||||
for (int i = 0 ; i < options.Length ; i++)
|
||||
{
|
||||
object opt = options.Data[i];
|
||||
if (opt.ToString() == "allowXss")
|
||||
opts["allowXss"] = true;
|
||||
}
|
||||
|
||||
if (m_UrlModule != null)
|
||||
return m_UrlModule.RequestSecureURL(m_ScriptEngine.ScriptModule, m_host, m_item.ItemID, opts).ToString();
|
||||
return UUID.Zero.ToString();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -468,5 +468,8 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api.Interfaces
|
|||
/// <param name="regex">string to use as pattern</param>
|
||||
/// <returns>boolean</returns>
|
||||
LSL_Integer osRegexIsMatch(string input, string pattern);
|
||||
|
||||
LSL_String osRequestURL(LSL_List options);
|
||||
LSL_String osRequestSecureURL(LSL_List options);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1054,5 +1054,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.ScriptBase
|
|||
{
|
||||
return m_OSSL_Functions.osRegexIsMatch(input, pattern);
|
||||
}
|
||||
|
||||
public LSL_String osRequestURL(LSL_List options)
|
||||
{
|
||||
return m_OSSL_Functions.osRequestURL(options);
|
||||
}
|
||||
|
||||
public LSL_String osRequestSecureURL(LSL_List options)
|
||||
{
|
||||
return m_OSSL_Functions.osRequestSecureURL(options);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue