From 8d4e413e2c89d3d1d88fbfe64dd1110e0323cb64 Mon Sep 17 00:00:00 2001 From: david Date: Wed, 11 Feb 2015 11:03:00 +0200 Subject: [PATCH 1/2] GUAC-1083: Add CORS support to Guacamole.HTTPTunnel --- guacamole-common-js/src/main/webapp/modules/Tunnel.js | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/guacamole-common-js/src/main/webapp/modules/Tunnel.js b/guacamole-common-js/src/main/webapp/modules/Tunnel.js index 91b13713a..03a420138 100644 --- a/guacamole-common-js/src/main/webapp/modules/Tunnel.js +++ b/guacamole-common-js/src/main/webapp/modules/Tunnel.js @@ -138,8 +138,9 @@ Guacamole.Tunnel.State = { * @constructor * @augments Guacamole.Tunnel * @param {String} tunnelURL The URL of the HTTP tunneling service. + * @param {Boolean} withCredentials HTTP requests 'withCredentials' header value. */ -Guacamole.HTTPTunnel = function(tunnelURL) { +Guacamole.HTTPTunnel = function(tunnelURL, withCredentials) { /** * Reference to this HTTP tunnel. @@ -162,6 +163,8 @@ Guacamole.HTTPTunnel = function(tunnelURL) { var sendingMessages = false; var outputMessageBuffer = ""; + withCredentials = !!withCredentials; + /** * The current receive timeout ID, if any. * @private @@ -278,6 +281,7 @@ Guacamole.HTTPTunnel = function(tunnelURL) { var message_xmlhttprequest = new XMLHttpRequest(); message_xmlhttprequest.open("POST", TUNNEL_WRITE + tunnel_uuid); + message_xmlhttprequest.withCredentials = withCredentials; message_xmlhttprequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=UTF-8"); // Once response received, send next queued event. @@ -508,6 +512,7 @@ Guacamole.HTTPTunnel = function(tunnelURL) { // Make request, increment request ID var xmlhttprequest = new XMLHttpRequest(); xmlhttprequest.open("GET", TUNNEL_READ + tunnel_uuid + ":" + (request_id++)); + xmlhttprequest.withCredentials = withCredentials; xmlhttprequest.send(null); return xmlhttprequest; @@ -547,6 +552,7 @@ Guacamole.HTTPTunnel = function(tunnelURL) { }; connect_xmlhttprequest.open("POST", TUNNEL_CONNECT, true); + connect_xmlhttprequest.withCredentials = withCredentials; connect_xmlhttprequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=UTF-8"); connect_xmlhttprequest.send(data); From 19eb4e39710bfe12749b032d02067c09bea89075 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Tue, 7 Jul 2015 22:06:37 -0700 Subject: [PATCH 2/2] GUAC-1083: Clarify new optional parameter for controlling CORS within Guacamole.HTTPTunnel. --- .../src/main/webapp/modules/Tunnel.js | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/guacamole-common-js/src/main/webapp/modules/Tunnel.js b/guacamole-common-js/src/main/webapp/modules/Tunnel.js index 03a420138..e4db1d7d9 100644 --- a/guacamole-common-js/src/main/webapp/modules/Tunnel.js +++ b/guacamole-common-js/src/main/webapp/modules/Tunnel.js @@ -137,10 +137,16 @@ Guacamole.Tunnel.State = { * * @constructor * @augments Guacamole.Tunnel - * @param {String} tunnelURL The URL of the HTTP tunneling service. - * @param {Boolean} withCredentials HTTP requests 'withCredentials' header value. + * + * @param {String} tunnelURL + * The URL of the HTTP tunneling service. + * + * @param {Boolean} [crossDomain=false] + * Whether tunnel requests will be cross-domain, and thus must use CORS + * mechanisms and headers. By default, it is assumed that tunnel requests + * will be made to the same domain. */ -Guacamole.HTTPTunnel = function(tunnelURL, withCredentials) { +Guacamole.HTTPTunnel = function(tunnelURL, crossDomain) { /** * Reference to this HTTP tunnel. @@ -163,7 +169,9 @@ Guacamole.HTTPTunnel = function(tunnelURL, withCredentials) { var sendingMessages = false; var outputMessageBuffer = ""; - withCredentials = !!withCredentials; + // If requests are expected to be cross-domain, the cookie that the HTTP + // tunnel depends on will only be sent if withCredentials is true + var withCredentials = !!crossDomain; /** * The current receive timeout ID, if any.