Merge branch 'master' of https://github.com/Psiphon-Labs/psiphon-tunnel-core

MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/PsiphonTunnel.h

@@ -111,11 +111,13 @@ typedef NS_ENUM(NSInteger, PsiphonConnectionState)
  See the tunnel-core config code for details about the fields.
  https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/master/psiphon/config.go
 
- @return  JSON string with config that should used to run the Psiphon tunnel, or NULL on error.
+ @return Either JSON NSString with config that should be used to run the Psiphon tunnel,
+         or return already parsed JSON as NSDictionary,
+         or nil on error.
 
- Swift: @code func getPsiphonConfig() -> String? @endcode
+ Swift: @code func getPsiphonConfig() -> Any? @endcode
  */
-- (NSString * _Nullable)getPsiphonConfig;
+- (id _Nullable)getPsiphonConfig;
 
 /*!
  Called when the tunnel is starting to get the initial server entries (typically embedded in the app) that will be used to bootstrap the Psiphon tunnel connection. This value is in a particular format and will be supplied by Psiphon Inc.

MobileLibrary/iOS/PsiphonTunnel/PsiphonTunnel/PsiphonTunnel.m

@@ -392,30 +392,42 @@
         return nil;
     }
 
-    __block NSString *configStr = nil;
+    __block id configObject = nil;
     dispatch_sync(self->callbackQueue, ^{
-        configStr = [self.tunneledAppDelegate getPsiphonConfig];
+        configObject = [self.tunneledAppDelegate getPsiphonConfig];
     });
-    if (configStr == nil) {
+    
+    if (configObject == nil) {
         [self logMessage:@"Error getting config from delegate"];
         return nil;
     }
     
     __block NSDictionary *initialConfig = nil;
-    id block = ^(id obj, BOOL *ignored) {
-        if (ignored == nil || *ignored == YES) {
-            return;
-        }
-        initialConfig = (NSDictionary *)obj;
-    };
     
-    id eh = ^(NSError *err) {
-        initialConfig = nil;
-        [self logMessage:[NSString stringWithFormat: @"Config JSON parse failed: %@", err.description]];
-    };
-    
-    id parser = [SBJson4Parser parserWithBlock:block allowMultiRoot:NO unwrapRootArray:NO errorHandler:eh];
-    [parser parse:[configStr dataUsingEncoding:NSUTF8StringEncoding]];
+    if ([configObject isKindOfClass:[NSString class]]) {
+        
+        id block = ^(id obj, BOOL *ignored) {
+            if (ignored == nil || *ignored == YES) {
+                return;
+            }
+            initialConfig = (NSDictionary *)obj;
+        };
+        
+        id eh = ^(NSError *err) {
+            initialConfig = nil;
+            [self logMessage:[NSString stringWithFormat: @"Config JSON parse failed: %@", err.description]];
+        };
+        
+        id parser = [SBJson4Parser parserWithBlock:block allowMultiRoot:NO unwrapRootArray:NO errorHandler:eh];
+        [parser parse:[(NSString *)configObject dataUsingEncoding:NSUTF8StringEncoding]];
+        
+    } else if ([configObject isKindOfClass:[NSDictionary class]]) {
+        
+        initialConfig = (NSDictionary *) configObject;
+        
+    } else {
+        [self logMessage:@"getPsiphonConfig should either return an NSDictionary object or an NSString object"];
+    }
     
     if (initialConfig == nil) {
         return nil;

MobileLibrary/iOS/SampleApps/TunneledWebView/External/JiveAuthenticatingHTTPProtocol/JAHPAuthenticatingHTTPProtocol.m

@@ -279,7 +279,13 @@ static NSString * kJAHPRecursiveRequestFlagProperty = @"com.jivesoftware.JAHPAut
             [self authenticatingHTTPProtocol:nil logWithFormat:@"decline request %@ (no scheme)", url];
         }
     }
-    
+
+    // Do not try and handle requests to localhost
+
+    if (shouldAccept) {
+        shouldAccept = (![[url host] isEqualToString:@"127.0.0.1"]);
+    }
+
     // Look for "http" or "https".
     //
     // Flip either or both of the following to YESes to control which schemes go through this custom

MobileLibrary/iOS/SampleApps/TunneledWebView/README.md

@@ -58,6 +58,8 @@ is found in the header of the response, we need to modify it to allow our inject
 CSP](https://github.com/Psiphon-Inc/endless/blob/b0c33b4bbd917467a849ad8c51a225c2d4dab260/External/JiveAuthenticatingHTTPProtocol/JAHPAuthenticatingHTTPProtocol.m#L1184-L1228) 
 to include a nonce generated for our injected javascript, which is [included in the script tag](https://github.com/Psiphon-Inc/endless/blob/b0c33b4bbd917467a849ad8c51a225c2d4dab260/External/JiveAuthenticatingHTTPProtocol/JAHPAuthenticatingHTTPProtocol.m#L1276).
 
+*Requests to localhost (`127.0.0.1`) should be [excluded from being proxied](https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/master/MobileLibrary/iOS/SampleApps/TunneledWebView/External/JiveAuthenticatingHTTPProtocol/JAHPAuthenticatingHTTPProtocol.m#L283-L287) so the system does not attempt to proxy loading the rewritten URLs. They will be correctly proxied through PsiphonTunnel's reverse proxy.*
+
 ## Configuring, Building, Running
 
 The sample app requires some extra files and configuration before building.