Restrict the cydia JS object to HTTPS.

diff --git a/MobileCydia.mm b/MobileCydia.mm
index f24459b3d3714eec55a0fa62ad03bacf215ece90..1c700e514813ea48470f09fbf0ece70bc6e4197b 100644 (file)
--- a/MobileCydia.mm
+++ b/MobileCydia.mm
@@ -4572,7 +4572,8 @@ static NSString *Warning_;
     NSURLResponse *response([source response]);
 
     NSURL *url([response URL]);
-    //NSString *scheme([url scheme]);
+
+    NSString *scheme([[url scheme] lowercaseString]);
     NSString *host([url host]);
 
     if ([response isKindOfClass:[NSHTTPURLResponse class]]) {
@@ -4581,8 +4582,9 @@ static NSString *Warning_;
         [self setHeaders:headers forHost:host];
     }
 
-    if ([CydiaHosts_ containsObject:host])
-        [window setValue:cydia_ forKey:@"cydia"];
+    if ([scheme isEqualToString:@"https"])
+        if ([CydiaHosts_ containsObject:host])
+            [window setValue:cydia_ forKey:@"cydia"];
 }
 
 - (NSURLRequest *) webView:(WebView *)view resource:(id)resource willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)response fromDataSource:(WebDataSource *)source {