Summary: | Add method to WebSecurityPolicy for invoking SecurityOrigin::canAccess | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | jochen | ||||||||||
Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> | ||||||||||
Status: | RESOLVED FIXED | ||||||||||||
Severity: | Normal | CC: | abarth, commit-queue, fishd | ||||||||||
Priority: | P2 | ||||||||||||
Version: | 528+ (Nightly build) | ||||||||||||
Hardware: | Other | ||||||||||||
OS: | OS X 10.5 | ||||||||||||
Attachments: |
|
Description
jochen
2010-03-19 03:47:06 PDT
Created attachment 51141 [details]
Patch
chromium passes a list of patterns as whitelist to SecurityOrigin. This method will allow for checking against this policy. Right now, we copy the logic of SecurityOrigin in the renderer. Comment on attachment 51141 [details]
Patch
This isn't quite right. We should have a canAccess method on WebSecurityOrigin that mirrors SecuirtyOrigin::canAccess. We might also want a WebSecurityOrigin::createFromURL if we don't have that already.
Created attachment 51162 [details]
patch
Looks reasonable to me, but we need fishd's sign-off on WebKit API changes. One question, why + WEBKIT_API bool canAccess(const WebSecurityOrigin*) const; instead of + WEBKIT_API bool canAccess(const WebSecurityOrigin&) const; ? I agree with Adam. Pass by const reference. Comment on attachment 51162 [details]
patch
I think Darin meant to r- this patch with his comment above.
Created attachment 51269 [details]
patch
Created attachment 51270 [details]
patch
Comment on attachment 51270 [details]
patch
made other a const ref and fixed a typo in the changelog
Comment on attachment 51270 [details]
patch
r=me
Comment on attachment 51270 [details] patch Clearing flags on attachment: 51270 Committed r56330: <http://trac.webkit.org/changeset/56330> All reviewed patches have been landed. Closing bug. |