add option to disable mixed content security, workaround for ajax restrictions

ccd0 2014-08-03 19:53:01 -07:00
parent e70cdc620a
commit 790a62d1bd
5 changed files with 96 additions and 56 deletions


@ -54,8 +54,8 @@ Redirect =
# For fuuka-based archives: # For fuuka-based archives:
# https://github.com/eksopl/fuuka/issues/27 # https://github.com/eksopl/fuuka/issues/27
protocol = Redirect.protocol archive protocol = Redirect.protocol archive
return '' unless protocol is 'https://' or location.protocol is 'http:'
URL = new String "#{protocol}#{archive.domain}/_/api/chan/post/?board=#{boardID}&num=#{postID}" URL = new String "#{protocol}#{archive.domain}/_/api/chan/post/?board=#{boardID}&num=#{postID}"
return '' unless Redirect.securityCheck URL
URL.archive = archive URL.archive = archive
URL URL
@ -76,10 +76,14 @@ Redirect =
"#{boardID}/?task=search2&search_#{if type is 'image' then 'media_hash' else type}=#{value}" "#{boardID}/?task=search2&search_#{if type is 'image' then 'media_hash' else type}=#{value}"
"#{Redirect.protocol archive}#{archive.domain}/#{path}" "#{Redirect.protocol archive}#{archive.domain}/#{path}"
navigate: (URL, alternative) -> securityCheck: (URL) ->
if URL and (
/^https:\/\//.test(URL) or /^https:\/\//.test(URL) or
location.protocol is 'http:' or location.protocol is 'http:' or
Conf['Allow Mixed Content from Archives']
navigate: (URL, alternative) ->
if URL and (
Redirect.securityCheck(URL) or
confirm "Redirect to #{URL}?\n\nYour connection will not be encrypted." confirm "Redirect to #{URL}?\n\nYour connection will not be encrypted."
) )
location.replace URL location.replace URL
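Review bot: `securityCheck` returns true both when the transport is actually safe (HTTPS target, or an HTTP page) and when the user has merely opted out via `Conf['Allow Mixed Content from Archives']`, and nothing in the code says so. A caller that needs to know whether the URL is really encrypted cannot use it and has to repeat the regex, as `Get.archivedPost` does in this commit. I would document the contract above the method, e.g. `# True if URL may be used without a warning: HTTPS target, HTTP page, or the user enabled 'Allow Mixed Content from Archives'. Does NOT mean the connection is encrypted.` With the option on, the post-API branch of `Redirect.to` now also returns plain-HTTP URLs to all its callers, so each of them should be checked for that assumption.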


@ -29,6 +29,10 @@ Config =
true true
'Redirect dead threads and images.' 'Redirect dead threads and images.'
] ]
'Allow Mixed Content from Archives': [
false
'Permit warningless access to HTTP-only archives from HTTPS pages.'
]
'Keybinds': [ 'Keybinds': [
true true
'Bind actions to keyboard shortcuts.' 'Bind actions to keyboard shortcuts.'
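Review bot: The description of 'Allow Mixed Content from Archives' mentions only the missing warning, not the consequence of enabling it. Per the other files in this commit, archive redirects, images and post JSON are then loaded over unencrypted HTTP from an HTTPS page, where they can be read or altered in transit. I would say that in the text the user sees, e.g. `'Access HTTP-only archives from HTTPS pages without a warning. Archive data is then sent unencrypted.'`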


@ -1,5 +1,5 @@
CrossOrigin = do -> CrossOrigin =
file: do ->
makeBlob = (urlBlob, contentType, contentDisposition, url) -> makeBlob = (urlBlob, contentType, contentDisposition, url) ->
name = url.match(/([^\/]+)\/*$/)?[1] name = url.match(/([^\/]+)\/*$/)?[1]
mime = contentType?.match(/[^;]*/)[0] or 'application/octet-stream' mime = contentType?.match(/[^;]*/)[0] or 'application/octet-stream'
@ -12,7 +12,7 @@ CrossOrigin = do ->
blob.name = name blob.name = name
blob blob
file = (url, cb) -> (url, cb) ->
<% if (type === 'crx') { %> <% if (type === 'crx') { %>
$.ajax url, $.ajax url,
responseType: 'blob' responseType: 'blob'
@ -43,4 +43,31 @@ CrossOrigin = do ->
cb null cb null
<% } %> <% } %>
{file} json: do ->
callbacks = {}
responses = {}
(url, cb) ->
<% if (type === 'crx') { %>
$.cache url, (-> cb @response), responseType: 'json'
<% } %>
<% if (type === 'userscript') { %>
if responses[url]
cb responses[url]
return
if callbacks[url]
callbacks[url].push cb
return
callbacks[url] = [cb]
GM_xmlhttpRequest
method: "GET"
url: url
onload: (xhr) ->
response = JSON.parse xhr.responseText
cb response for cb in callbacks[url]
delete callbacks[url]
responses[url] = response
onerror: ->
delete callbacks[url]
onabort: ->
delete callbacks[url]
<% } %>
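Review bot: `JSON.parse xhr.responseText` in the userscript `onload` can throw on a non-JSON body (an error page, or a truncated or altered response). When it does, `callbacks[url]` is never deleted, so every later request for that URL is queued and never answered. This path exists to fetch over plain HTTP, so the body should be treated as untrusted: clear the pending list first, parse inside `try`, and cache only a successfully parsed response. Separately, `onerror` and `onabort` drop the waiting callbacks without calling them, so callers cannot tell a failure from a slow request.

```coffeescript
        onload: (xhr) ->
          pending = callbacks[url]
          delete callbacks[url]
          try
            response = JSON.parse xhr.responseText
          catch err
            return
          responses[url] = response
          fn response for fn in pending
        # … unchanged: onerror / onabort handlers …
```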


@ -132,20 +132,25 @@ Get =
Get.insert post, root, context Get.insert post, root, context
archivedPost: (boardID, postID, root, context) -> archivedPost: (boardID, postID, root, context) ->
return false unless url = Redirect.to 'post', {boardID, postID} return false unless url = Redirect.to 'post', {boardID, postID}
if /^https:\/\//.test(URL) or location.protocol is 'http:'
$.cache url, $.cache url,
-> Get.parseArchivedPost @, boardID, postID, root, context -> Get.parseArchivedPost @response, boardID, postID, root, context
, ,
responseType: 'json' responseType: 'json'
withCredentials: url.archive.withCredentials withCredentials: url.archive.withCredentials
return true return true
parseArchivedPost: (req, boardID, postID, root, context) -> else if Conf['Allow Mixed Content from Archives']
CrossOrigin.json url, (response) ->
Get.parseArchivedPost response, boardID, postID, root, context
return true
return false
parseArchivedPost: (data, boardID, postID, root, context) ->
# In case of multiple callbacks for the same request, # In case of multiple callbacks for the same request,
# don't parse the same original post more than once. # don't parse the same original post more than once.
if post = g.posts["#{boardID}.#{postID}"] if post = g.posts["#{boardID}.#{postID}"]
Get.insert post, root, context Get.insert post, root, context
return return
data = req.response
if data.error if data.error
$.addClass root, 'warning' $.addClass root, 'warning'
root.textContent = data.error root.textContent = data.error
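Review bot: The new guard in `archivedPost` tests `URL`, but the variable assigned on the line above is lowercase `url`. Unless `URL` is bound somewhere outside this hunk, it resolves to the global `URL` constructor, so the regex never matches. On an HTTPS page an HTTPS archive then skips the `$.cache` branch and is either fetched through `CrossOrigin.json` (without `withCredentials`) or not fetched at all when the option is off. The line should read `if /^https:\/\//.test(url) or location.protocol is 'http:'`. The body of `parseArchivedPost` continues past the end of the hunk.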


@ -12,7 +12,7 @@ ImageCommon =
URL = Redirect.to 'file', URL = Redirect.to 'file',
boardID: post.board.ID boardID: post.board.ID
filename: src[src.length - 1] filename: src[src.length - 1]
unless URL and (/^https:\/\//.test(URL) or location.protocol is 'http:') unless URL and Redirect.securityCheck URL
URL = null URL = null
return cb URL if (post.isDead or post.file.isDead) and file.src.split('/')[2] is 'i.4cdn.org' return cb URL if (post.isDead or post.file.isDead) and file.src.split('/')[2] is 'i.4cdn.org'