Bug 36356

Summary: Add method to WebSecurityPolicy for invoking SecurityOrigin::canAccess
Product: WebKit Reporter: jochen
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, commit-queue, fishd
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: OS X 10.5   
Attachments:
Description Flags
Patch
none
patch
none
patch
none
patch none

Description jochen 2010-03-19 03:47:06 PDT
Add method to WebSecurityPolicy for invoking SecurityOrigin::canAccess
Comment 1 jochen 2010-03-19 03:47:57 PDT
Created attachment 51141 [details]
Patch
Comment 2 jochen 2010-03-19 03:49:33 PDT
chromium passes a list of patterns as whitelist to SecurityOrigin. This method will allow for checking against this policy. Right now, we copy the logic of SecurityOrigin in the renderer.
Comment 3 Adam Barth 2010-03-19 09:09:30 PDT
Comment on attachment 51141 [details]
Patch

This isn't quite right.  We should have a canAccess method on WebSecurityOrigin that mirrors SecuirtyOrigin::canAccess.  We might also want a WebSecurityOrigin::createFromURL if we don't have that already.
Comment 4 jochen 2010-03-19 09:26:53 PDT
Created attachment 51162 [details]
patch
Comment 5 Adam Barth 2010-03-19 09:33:16 PDT
Looks reasonable to me, but we need fishd's sign-off on WebKit API changes.

One question, why

+ WEBKIT_API bool canAccess(const WebSecurityOrigin*) const;

instead of

+ WEBKIT_API bool canAccess(const WebSecurityOrigin&) const;

?
Comment 6 Darin Fisher (:fishd, Google) 2010-03-19 09:48:34 PDT
I agree with Adam.  Pass by const reference.
Comment 7 Adam Barth 2010-03-21 17:00:03 PDT
Comment on attachment 51162 [details]
patch

I think Darin meant to r- this patch with his comment above.
Comment 8 jochen 2010-03-22 00:38:56 PDT
Created attachment 51269 [details]
patch
Comment 9 jochen 2010-03-22 00:40:07 PDT
Created attachment 51270 [details]
patch
Comment 10 jochen 2010-03-22 00:40:38 PDT
Comment on attachment 51270 [details]
patch

made other a const ref and fixed a typo in the changelog
Comment 11 Jeremy Orlow 2010-03-22 03:45:23 PDT
Comment on attachment 51270 [details]
patch

r=me
Comment 12 WebKit Commit Bot 2010-03-22 04:07:51 PDT
Comment on attachment 51270 [details]
patch

Clearing flags on attachment: 51270

Committed r56330: <http://trac.webkit.org/changeset/56330>
Comment 13 WebKit Commit Bot 2010-03-22 04:07:57 PDT
All reviewed patches have been landed.  Closing bug.