[webkit-reviews] review requested: [Bug 24853] Provide a way for WebKit clients to specify a more granular policy for cross-origin XHR access : [Attachment 35037] Implements the concept of 'security origin access white lists'.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 18 04:59:14 PDT 2009
Aaron Boodman <aa at chromium.org> has asked for review:
Bug 24853: Provide a way for WebKit clients to specify a more granular policy
for cross-origin XHR access
https://bugs.webkit.org/show_bug.cgi?id=24853
Attachment 35037: Implements the concept of 'security origin access white
lists'.
https://bugs.webkit.org/attachment.cgi?id=35037&action=review
------- Additional Comments from Aaron Boodman <aa at chromium.org>
This patch adds the concept of a whitelist of origins that each origin can
access in addition to those that the normal security policies would allow.
Clients of WebCore can add items to this list to enable particular origins to
break out of same-origin in a controlled way.
The particular features of the whitelist were chosen because they are the
features needed by this code's first client -- Chromium extensions. But I think
that the feature is pretty useful and might be used by other clients in the
future.
I haven't yet implemented the WebKit frontends for any platforms other than
mac. I wanted to get feedback on this first.
More information about the webkit-reviews
mailing list