Allowing/disallowing subdomains

README.md

@@ -394,6 +394,13 @@ If you want to serve sites or just single resources over plain `http` instead of
 
    }
    ```
+
+ * Stricter whitelist matching (allow only specified domains, without subdomains):
+
+ ```java
+ mWebView.addPermittedHostname("example.org"); // will match example.org, www.example.org, example2.example.org, etc.
+ mWebView.setAllowSubdomains(false);           // will only match example.org
+ ```
 
 ## Contributing
 

Source/library/src/main/java/im/delight/android/webview/AdvancedWebView.java

@@ -80,6 +80,7 @@ public interface Listener {
 	protected WeakReference<Activity> mActivity;
 	protected WeakReference<Fragment> mFragment;
 	protected Listener mListener;
+	protected boolean mAllowSubdomains = true;
 	protected final List<String> mPermittedHostnames = new LinkedList<String>();
 	/** File upload callback for platform versions prior to Android 5.0 */
 	protected ValueCallback<Uri> mFileUploadCallbackFirst;
@@ -340,6 +341,14 @@ public void addHttpHeader(final String name, final String value) {
 	public void removeHttpHeader(final String name) {
 		mHttpHeaders.remove(name);
 	}
+
+	public void setAllowSubdomains(boolean b){
+		mAllowSubdomains = b;
+	}
+
+	public boolean getAllowSubdomains(){
+		return mAllowSubdomains;
+	}
 
 	public void addPermittedHostname(String hostname) {
 		mPermittedHostnames.add(hostname);
@@ -503,7 +512,7 @@ public void onReceivedError(WebView view, int errorCode, String description, Str
 
 			@Override
 			public boolean shouldOverrideUrlLoading(final WebView view, final String url) {
-				if (!isPermittedUrl(url)) {
+				if (!isPermittedUrl(url, mAllowSubdomains)) {
 					// if a listener is available
 					if (mListener != null) {
 						// inform the listener about the request
@@ -1106,8 +1115,12 @@ protected static String makeUrlUnique(final String url) {
 
 		return unique.toString();
 	}
-
+	
 	public boolean isPermittedUrl(final String url) {
+		isPermittedUrl(url, true)
+	}
+
+	public boolean isPermittedUrl(final String url, boolean allowSubdomains) {
 		// if the permitted hostnames have not been restricted to a specific set
 		if (mPermittedHostnames.size() == 0) {
 			// all hostnames are allowed
@@ -1142,7 +1155,7 @@ public boolean isPermittedUrl(final String url) {
 		// for every hostname in the set of permitted hosts
 		for (String expectedHost : mPermittedHostnames) {
 			// if the two hostnames match or if the actual host is a subdomain of the expected host
-			if (actualHost.equals(expectedHost) || actualHost.endsWith("." + expectedHost)) {
+			if (actualHost.equals(expectedHost) || (allowSubdomains && actualHost.endsWith("." + expectedHost))) {
 				// the actual hostname of the URL to be checked is allowed
 				return true;
 			}