This is useful to set the security policy for custom URI schemes, for example, to be treated as local or secure.
Created attachment 161654 [details]
I needed this API to implement custom URI schemes in Yelp in preparation for the WebKit2 port. See the last patch in this bug:
The patch looks good to me. If I wanted to be a nitpicker I would just say "maybe expand a bit more the documentation, as in making some things clearer such as what a URI scheme is (maybe a reference to RFC 3986?) or what a 'CORS request' is (Cross-Origin Resource Sharing, I assume)"
Comment on attachment 161654 [details]
View in context: https://bugs.webkit.org/attachment.cgi?id=161654&action=review
Looks good to me! Just a couple comments.
> + * @WEBKIT_SECURITY_POLICY_NO_ACCESS: Pages loaded with this URI scheme
WEBKIT_SECURITY_POLICY_NO_ACCESS seems a bit too broad. Perhaps WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEMES or something better?
> + * @WEBKIT_SECURITY_POLICY_CORS_ENABLED: URI scheme that can be sent CORS requests.
Agree with Mario here that you might want to link to the CORS spec.
Created attachment 162512 [details]
Updated patch to address review comments
Committed r127749: <http://trac.webkit.org/changeset/127749>