Bug 76082

Summary: [EFL] SecurityPolicy whitelist interface should be exposed to EWebKit
Product: WebKit Reporter: Leandro Pereira <leandro>
Component: WebKit EFLAssignee: Leandro Pereira <leandro>
Status: RESOLVED FIXED    
Severity: Normal CC: gyuyoung.kim, gyuyoung.kim, lucas.de.marchi, rakuco, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Leandro Pereira 2012-01-11 11:35:54 PST
[EFL] SecurityPolicy whitelist interface should be exposed to EWebKit
Comment 1 Leandro Pereira 2012-01-11 12:41:01 PST
Created attachment 122075 [details]
Patch
Comment 2 Raphael Kubo da Costa (:rakuco) 2012-01-11 12:42:51 PST
People might complain that the declarations in the header span multiple lines, but that shouldn't be much of a problem IMO.

LGTM.
Comment 3 Gyuyoung Kim 2012-01-11 19:17:26 PST
Comment on attachment 122075 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=122075&action=review

Looks good patch itself. But, I wonder why we need to support security policy as APIs.

> Source/WebKit/efl/ChangeLog:7
> +

IMO, it is much better to add description why efl port supports this APIs.
Comment 4 Raphael Kubo da Costa (:rakuco) 2012-01-11 20:14:30 PST
(In reply to comment #3)
> IMO, it is much better to add description why efl port supports this APIs.

Do you mean mentioning in the ChangeLog what the apidox says?
Comment 5 Gyuyoung Kim 2012-01-11 21:11:58 PST
(In reply to comment #4)
> (In reply to comment #3)
> > IMO, it is much better to add description why efl port supports this APIs.
> 
> Do you mean mentioning in the ChangeLog what the apidox says?

If there is description for security policy role or feature in ChangeLog, it is helpful to understand this patch for us. Because, it looks leandro contributes new files to ewk.
Comment 6 Leandro Pereira 2012-01-12 08:31:34 PST
(In reply to comment #5)
> 
> If there is description for security policy role or feature in ChangeLog, it is 
> helpful to understand this patch for us. 
>

This allows bypassing the same origin policy when making XMLHTTPRequests.

Generally not useful for web browsers, but important if you plan to create (or are already working on) Dashboard-like widgets that make requests to third-party servers; specifically if  W3C's Widget Access Request spec[1] is implemented by the library client.

The whitelist feature is already available in WebCore: this patch adds only a thin layer around it so that a EWebKit can call it.

>
> Because, it looks leandro contributes new files to ewk.
>

A new file has been added because code therein do not belong somewhere else.

[1] http://dev.w3.org/2006/waf/widgets-access/
Comment 7 Gyuyoung Kim 2012-01-12 16:17:26 PST
(In reply to comment #6)
> (In reply to comment #5)
> > 
> > If there is description for security policy role or feature in ChangeLog, it is 
> > helpful to understand this patch for us. 
> >
> 
> This allows bypassing the same origin policy when making XMLHTTPRequests.
> 
> Generally not useful for web browsers, but important if you plan to create (or are already working on) Dashboard-like widgets that make requests to third-party servers; specifically if  W3C's Widget Access Request spec[1] is implemented by the library client.
> 
> The whitelist feature is already available in WebCore: this patch adds only a thin layer around it so that a EWebKit can call it.
> 
> >
> > Because, it looks leandro contributes new files to ewk.
> >
> 
> A new file has been added because code therein do not belong somewhere else.
> 
> [1] http://dev.w3.org/2006/waf/widgets-access/

Thank you for you kindly description :-) LGTM.
Comment 8 WebKit Review Bot 2012-01-13 11:24:18 PST
Comment on attachment 122075 [details]
Patch

Clearing flags on attachment: 122075

Committed r104960: <http://trac.webkit.org/changeset/104960>
Comment 9 WebKit Review Bot 2012-01-13 11:24:23 PST
All reviewed patches have been landed.  Closing bug.