2009-03-04 Atsushi Enomoto <atsushi@ximian.com>

	* CrossDomainAccessManager.cs : replace reflection-based
	  Uri retrieval with actually working one.

	* HttpRequestChannel.cs : use cross domain access manager.

svn path=/trunk/mcs/; revision=128581

diff --git a/mcs/class/System.ServiceModel/System.ServiceModel.Channels/ChangeLog b/mcs/class/System.ServiceModel/System.ServiceModel.Channels/ChangeLog
index 13a67ae88f068e1411ee31dcf26c17a7c33f5ed3..1bec2208e15b43ed09c23f59eaedea4fd5ecd5c3 100755 (executable)
--- a/mcs/class/System.ServiceModel/System.ServiceModel.Channels/ChangeLog
+++ b/mcs/class/System.ServiceModel/System.ServiceModel.Channels/ChangeLog
@@ -1,3 +1,7 @@
+2009-03-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+       * HttpRequestChannel.cs : use cross domain access manager.
+
 2009-02-27  Atsushi Enomoto  <atsushi@ximian.com>
 
        * Message.cs : (in CreateBufferedCopy) do not pass the entire

diff --git a/mcs/class/System.ServiceModel/System.ServiceModel.Channels/HttpRequestChannel.cs b/mcs/class/System.ServiceModel/System.ServiceModel.Channels/HttpRequestChannel.cs
index 39e01ff82d4ad655a702d3bed4c2bbedca7e0f2d..1d6049659e7247b1fa3336358919a915799e9898 100644 (file)
--- a/mcs/class/System.ServiceModel/System.ServiceModel.Channels/HttpRequestChannel.cs
+++ b/mcs/class/System.ServiceModel/System.ServiceModel.Channels/HttpRequestChannel.cs
@@ -128,6 +128,14 @@ namespace System.ServiceModel.Channels
 #if !NET_2_1
                                web_request.ContentLength = (int) buffer.Length;
 #endif
+
+#if NET_2_1
+                               // We can verify cross domain access policy 
+                               // with full set of headers and target URL.
+                               if (!CrossDomainAccessManager.Current.IsAllowed (destination, web_request.Headers.AllKeys))
+                                       throw new InvalidOperationException (String.Format ("Cross domain web service access to {0} is not allowed", destination));
+#endif
+
                                Stream requestStream = web_request.EndGetRequestStream (web_request.BeginGetRequestStream (null, null));
                                requestStream.Write (buffer.GetBuffer (), 0, (int) buffer.Length);
                                requestStream.Close ();

diff --git a/mcs/class/System.ServiceModel/System.ServiceModel/ChangeLog b/mcs/class/System.ServiceModel/System.ServiceModel/ChangeLog
index 643049fbf397e39d424f00131eb1ba13d498b80c..c0f90c8a8cf1416811506f2e85a2687d4aafdc73 100755 (executable)
--- a/mcs/class/System.ServiceModel/System.ServiceModel/ChangeLog
+++ b/mcs/class/System.ServiceModel/System.ServiceModel/ChangeLog
@@ -1,3 +1,8 @@
+2009-03-04  Atsushi Enomoto  <atsushi@ximian.com>
+
+       * CrossDomainAccessManager.cs : replace reflection-based
+         Uri retrieval with actually working one.
+
 2009-03-04  Atsushi Enomoto  <atsushi@ximian.com>
 
        * CrossDomainAccessManager.cs : 2.1 WebRequest misses some

diff --git a/mcs/class/System.ServiceModel/System.ServiceModel/CrossDomainAccessManager.cs b/mcs/class/System.ServiceModel/System.ServiceModel/CrossDomainAccessManager.cs
index 1eb0b97313f443eeed458a72c2909528dc85e153..eb9cef9525429151386633432d81daa0a24fb0f1 100644 (file)
--- a/mcs/class/System.ServiceModel/System.ServiceModel/CrossDomainAccessManager.cs
+++ b/mcs/class/System.ServiceModel/System.ServiceModel/CrossDomainAccessManager.cs
@@ -65,16 +65,16 @@ namespace System.ServiceModel
 
                static Uri GetApplicationDocumentUri ()
                {
-                       var assembly = Assembly.Load ("System.Windows.Browser, Version=2.0.5.0, Culture=Neutral, PublicKeyToken=7cec85d7bea7798e");
+                       var assembly = Assembly.Load ("System.Windows, Version=2.0.5.0, Culture=Neutral, PublicKeyToken=7cec85d7bea7798e");
                        if (assembly == null)
-                               throw new InvalidOperationException ("Can not load System.Windows.Browser");
+                               throw new InvalidOperationException ("Can not load System.Windows.dll");
 
-                       var type = assembly.GetType ("System.Windows.Browser.HtmlPage");
+                       var type = assembly.GetType ("System.Windows.Interop.PluginHost");
                        if (type == null)
                                throw new InvalidOperationException ("Can not get HtmlPage");
 
-                       object document = type.GetProperty ("Document").GetValue (null, null);
-                       return (Uri) document.GetType ().GetProperty ("DocumentUri").GetValue (document, null);
+                       var prop = type.GetProperty ("RootUri");
+                       return (Uri) prop.GetValue (null, null);
                }
 
                public static CrossDomainAccessManager CreateForUri (Uri applicationUri)
@@ -130,7 +130,6 @@ namespace System.ServiceModel
 
                public bool IsAllowed (Uri uri, params string [] headerKeys)
                {
-
                        if (uri.Host == ApplicationUri.Host)
                                return true;
 
@@ -144,6 +143,7 @@ namespace System.ServiceModel
                        }
                        else if (Domain != null) {
                        }
+Console.WriteLine ("##### Cross Domain Access Manager rejected '{0}' with headers {1}", uri, String.Join (",", headerKeys));
                        return false;
                }
        }