Enable Super Dev Mode hook by default
Set devModeRedirectEnabled to true by default in CrossSiteIframeLinker, and
as a security measure also default devModeUrlWhitelistRegexp to only allow
localhost and 127.0.0.1 on HTTP.
Bug: issue 8413
Change-Id: I9b27419ab69d4f82258429a5d5f258047d33e5ee
(cherry picked from commit 1255ea46fca8751e9907af60bbc7ad174c42f96a)
diff --git a/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java b/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
index 446a93f..39f4eea 100644
--- a/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
+++ b/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
@@ -237,8 +237,7 @@
*/
protected String getJsDevModeRedirectHook(LinkerContext context) {
// Enable Super Dev Mode for this app if the devModeRedirectEnabled config property is true.
- // TODO(skybrian) Change the default to enabled once we're sure it's safe.
- if (getBooleanConfigurationProperty(context, "devModeRedirectEnabled", false)) {
+ if (getBooleanConfigurationProperty(context, "devModeRedirectEnabled", true)) {
return "com/google/gwt/core/linker/DevModeRedirectHook.js";
} else {
return "";
@@ -254,7 +253,8 @@
protected String getJsDevModeUrlValidation(LinkerContext context) {
// As a default, if the user provides devModeUrlWhitelistRegexp, then we verify that it
// matches devModeUrl.
- String regexp = getStringConfigurationProperty(context, "devModeUrlWhitelistRegexp", "");
+ String regexp = getStringConfigurationProperty(context, "devModeUrlWhitelistRegexp",
+ "http://(localhost|127\\.0\\.0\\.1)(:\\d+)?/.*");
if (!regexp.isEmpty()) {
return ""
+ "if (!/^" + regexp.replace("/", "\\/") + "$/.test(devModeUrl)) {\n"
diff --git a/user/src/com/google/gwt/user/tools/templates/sample/_srcFolder_/_moduleFolder_/_moduleShortName_.gwt.xmlsrc b/user/src/com/google/gwt/user/tools/templates/sample/_srcFolder_/_moduleFolder_/_moduleShortName_.gwt.xmlsrc
index e836953..911ba20 100644
--- a/user/src/com/google/gwt/user/tools/templates/sample/_srcFolder_/_moduleFolder_/_moduleShortName_.gwt.xmlsrc
+++ b/user/src/com/google/gwt/user/tools/templates/sample/_srcFolder_/_moduleFolder_/_moduleShortName_.gwt.xmlsrc
@@ -22,5 +22,4 @@
<!-- allow Super Dev Mode -->
<add-linker name="xsiframe"/>
- <set-configuration-property name="devModeRedirectEnabled" value="true"/>
</module>