Bug 36356

Summary: Add method to WebSecurityPolicy for invoking SecurityOrigin::canAccess
Product: WebKit Reporter: jochen
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, commit-queue, fishd
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: OS X 10.5   
Attachments:
Description Flags
Patch
none
patch
none
patch
none
patch none

jochen
Reported 2010-03-19 03:47:06 PDT
Add method to WebSecurityPolicy for invoking SecurityOrigin::canAccess
Attachments
Patch (2.12 KB, patch)
2010-03-19 03:47 PDT, jochen 		no flags
DetailsFormatted DiffDiff
patch (3.83 KB, patch)
2010-03-19 09:26 PDT, jochen 		no flags
DetailsFormatted DiffDiff
patch (3.83 KB, patch)
2010-03-22 00:38 PDT, jochen 		no flags
DetailsFormatted DiffDiff
patch (3.83 KB, patch)
2010-03-22 00:40 PDT, jochen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
jochen
Comment 1 2010-03-19 03:47:57 PDT
Created attachment 51141 [details] Patch
jochen
Comment 2 2010-03-19 03:49:33 PDT
chromium passes a list of patterns as whitelist to SecurityOrigin. This method will allow for checking against this policy. Right now, we copy the logic of SecurityOrigin in the renderer.
Adam Barth
Comment 3 2010-03-19 09:09:30 PDT
Comment on attachment 51141 [details] Patch This isn't quite right. We should have a canAccess method on WebSecurityOrigin that mirrors SecuirtyOrigin::canAccess. We might also want a WebSecurityOrigin::createFromURL if we don't have that already.
jochen
Comment 4 2010-03-19 09:26:53 PDT
Created attachment 51162 [details] patch
Adam Barth
Comment 5 2010-03-19 09:33:16 PDT
Looks reasonable to me, but we need fishd's sign-off on WebKit API changes. One question, why + WEBKIT_API bool canAccess(const WebSecurityOrigin*) const; instead of + WEBKIT_API bool canAccess(const WebSecurityOrigin&) const; ?
Darin Fisher (:fishd, Google)
Comment 6 2010-03-19 09:48:34 PDT
I agree with Adam. Pass by const reference.
Adam Barth
Comment 7 2010-03-21 17:00:03 PDT
Comment on attachment 51162 [details] patch I think Darin meant to r- this patch with his comment above.
jochen
Comment 8 2010-03-22 00:38:56 PDT
Created attachment 51269 [details] patch
jochen
Comment 9 2010-03-22 00:40:07 PDT
Created attachment 51270 [details] patch
jochen
Comment 10 2010-03-22 00:40:38 PDT
Comment on attachment 51270 [details] patch made other a const ref and fixed a typo in the changelog
Jeremy Orlow
Comment 11 2010-03-22 03:45:23 PDT
Comment on attachment 51270 [details] patch r=me
WebKit Commit Bot
Comment 12 2010-03-22 04:07:51 PDT
Comment on attachment 51270 [details] patch Clearing flags on attachment: 51270 Committed r56330: <http://trac.webkit.org/changeset/56330>
WebKit Commit Bot
Comment 13 2010-03-22 04:07:57 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.