From 19eb4e39710bfe12749b032d02067c09bea89075 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Tue, 7 Jul 2015 22:06:37 -0700 Subject: [PATCH] GUAC-1083: Clarify new optional parameter for controlling CORS within Guacamole.HTTPTunnel. --- .../src/main/webapp/modules/Tunnel.js | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/guacamole-common-js/src/main/webapp/modules/Tunnel.js b/guacamole-common-js/src/main/webapp/modules/Tunnel.js index 03a420138..e4db1d7d9 100644 --- a/guacamole-common-js/src/main/webapp/modules/Tunnel.js +++ b/guacamole-common-js/src/main/webapp/modules/Tunnel.js @@ -137,10 +137,16 @@ Guacamole.Tunnel.State = { * * @constructor * @augments Guacamole.Tunnel - * @param {String} tunnelURL The URL of the HTTP tunneling service. - * @param {Boolean} withCredentials HTTP requests 'withCredentials' header value. + * + * @param {String} tunnelURL + * The URL of the HTTP tunneling service. + * + * @param {Boolean} [crossDomain=false] + * Whether tunnel requests will be cross-domain, and thus must use CORS + * mechanisms and headers. By default, it is assumed that tunnel requests + * will be made to the same domain. */ -Guacamole.HTTPTunnel = function(tunnelURL, withCredentials) { +Guacamole.HTTPTunnel = function(tunnelURL, crossDomain) { /** * Reference to this HTTP tunnel. @@ -163,7 +169,9 @@ Guacamole.HTTPTunnel = function(tunnelURL, withCredentials) { var sendingMessages = false; var outputMessageBuffer = ""; - withCredentials = !!withCredentials; + // If requests are expected to be cross-domain, the cookie that the HTTP + // tunnel depends on will only be sent if withCredentials is true + var withCredentials = !!crossDomain; /** * The current receive timeout ID, if any.