Merge pull request #595 from AzureAD/issues/copy-over-whitelist-fix

RPangrle · RPangrle · commit 9164e2d87987 · 2016-04-12T18:35:55.000-07:00
Copy over fix for whitelisting "about:blank"
diff --git a/ADALiOS/ADALiOS/ADAuthenticationWebViewController.m b/ADALiOS/ADALiOS/ADAuthenticationWebViewController.m
@@ -124,6 +124,12 @@ - (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)
     }
     
     NSString *requestURL = [request.URL absoluteString];
+    
+    if ([requestURL caseInsensitiveCompare:@"about:blank"] == NSOrderedSame)
+    {
+        return NO;
+    }
+    
     if ([[[request.URL scheme] lowercaseString] isEqualToString:@"browser"]) {
         _complete = YES;
         dispatch_async( dispatch_get_main_queue(), ^{[_delegate webAuthenticationDidCancel];});
@@ -160,7 +166,7 @@ - (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)
     }
     
     // redirecting to non-https url is not allowed
-    if (![requestURL hasPrefix: @"https"])
+    if ([request.URL.scheme caseInsensitiveCompare:@"https"] != NSOrderedSame)
     {
         AD_LOG_ERROR(@"Server is redirecting to a non-https url", AD_ERROR_NON_HTTPS_REDIRECT, nil);
         _complete = YES;

Original file line number	Diff line number	Diff line change
`@@ -124,6 +124,12 @@ - (BOOL)webView:(UIWebView )webView shouldStartLoadWithRequest:(NSURLRequest )`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`NSString *requestURL = [request.URL absoluteString];`
	`127`	`+`
	`128`	`+ if ([requestURL caseInsensitiveCompare:@"about:blank"] == NSOrderedSame)`
	`129`	`+ {`
	`130`	`+ return NO;`
	`131`	`+ }`
	`132`	`+`
`127`	`133`	`if ([[[request.URL scheme] lowercaseString] isEqualToString:@"browser"]) {`
`128`	`134`	`_complete = YES;`
`129`	`135`	`dispatch_async( dispatch_get_main_queue(), ^{[_delegate webAuthenticationDidCancel];});`
`@@ -160,7 +166,7 @@ - (BOOL)webView:(UIWebView )webView shouldStartLoadWithRequest:(NSURLRequest )`
`160`	`166`	`}`
`161`	`167`
`162`	`168`	`// redirecting to non-https url is not allowed`
`163`		`- if (![requestURL hasPrefix: @"https"])`
	`169`	`+ if ([request.URL.scheme caseInsensitiveCompare:@"https"] != NSOrderedSame)`
`164`	`170`	`{`
`165`	`171`	`AD_LOG_ERROR(@"Server is redirecting to a non-https url", AD_ERROR_NON_HTTPS_REDIRECT, nil);`
`166`	`172`	`_complete = YES;`