[webkit-dev] Regarding SecurityOrigin API usage

Pushparajan V vprajan at gmail.com
Thu Jan 6 06:27:35 PST 2011

Hi all,

I have a query regarding addOriginAccessWhitelistEntry API in
SecurityOrigin.cpp. Is there any special requirement in the
sourceOrigin argument of this API when the scheme of the sourceOrigin
is already added to the localScheme list?

Because if the sourceOrigin is localScheme and the URI doesn't have a
path, this API fails miserably without any warning or asserts.

For example, if widget is a local scheme and the source origin URI is
widget://884889/ for which i need to whitelist some destination URLs,
the below statement returns null.

    String sourceString = sourceOrigin.toString();

After debugging more, found that all local schemes are treated as
file:// schemes and directory access is not allowed for any

Does that mean securityOrigin's should be created always with full URLs?

Pushparajan V

More information about the webkit-dev mailing list