Bug 95549 - [GTK] Add API to get/set the security policy of a given URI scheme
Summary: [GTK] Add API to get/set the security policy of a given URI scheme
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-31 03:48 PDT by Carlos Garcia Campos
Modified: 2012-09-06 09:49 PDT (History)
4 users (show)

See Also:


Attachments
Patch (9.75 KB, patch)
2012-08-31 03:51 PDT, Carlos Garcia Campos
mrobinson: review-
Details | Formatted Diff | Diff
Updated patch to address review comments (10.02 KB, patch)
2012-09-06 08:19 PDT, Carlos Garcia Campos
mrobinson: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos Garcia Campos 2012-08-31 03:48:14 PDT
This is useful to set the security policy for custom URI schemes, for example, to be treated as local or secure.
Comment 1 Carlos Garcia Campos 2012-08-31 03:51:39 PDT
Created attachment 161654 [details]
Patch
Comment 2 Carlos Garcia Campos 2012-08-31 05:50:04 PDT
I needed this API to implement custom URI schemes in Yelp in preparation for the WebKit2 port. See the last patch in this bug:

https://bugzilla.gnome.org/show_bug.cgi?id=683100
Comment 3 Mario Sanchez Prada 2012-09-03 01:11:59 PDT
The patch looks good to me. If I wanted to be a nitpicker I would just say "maybe expand a bit more the documentation, as in making some things clearer such as what a URI scheme is (maybe a reference to RFC 3986?) or what a 'CORS request' is (Cross-Origin Resource Sharing, I assume)"
Comment 4 Martin Robinson 2012-09-03 18:04:14 PDT
Comment on attachment 161654 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=161654&action=review

Looks good to me! Just a couple comments.

> Source/WebKit/gtk/webkit/webkitglobals.h:149
> + * @WEBKIT_SECURITY_POLICY_NO_ACCESS: Pages loaded with this URI scheme

WEBKIT_SECURITY_POLICY_NO_ACCESS seems a bit too broad. Perhaps WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEMES or something better?

> Source/WebKit/gtk/webkit/webkitglobals.h:155
> + * @WEBKIT_SECURITY_POLICY_CORS_ENABLED: URI scheme that can be sent CORS requests.

Agree with Mario here that you might want to link to the CORS spec.
Comment 5 Carlos Garcia Campos 2012-09-06 08:19:07 PDT
Created attachment 162512 [details]
Updated patch to address review comments
Comment 6 Carlos Garcia Campos 2012-09-06 09:49:20 PDT
Committed r127749: <http://trac.webkit.org/changeset/127749>