[webkit-reviews] review requested: [Bug 34296] Provide a way for WebKit clients to specify a more granular policy for cross-origin frame access : [Attachment 49934] New patch. Adds SecurityOrigin::allowDOMAccessFromOrigin() for explicitly granting cross-origin DOM access via a whitelist
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 3 13:02:42 PST 2010
Mike Thole <mthole at mikethole.com> has asked for review:
Bug 34296: Provide a way for WebKit clients to specify a more granular policy
for cross-origin frame access
https://bugs.webkit.org/show_bug.cgi?id=34296
Attachment 49934: New patch. Adds SecurityOrigin::allowDOMAccessFromOrigin()
for explicitly granting cross-origin DOM access via a whitelist
https://bugs.webkit.org/attachment.cgi?id=49934&action=review
------- Additional Comments from Mike Thole <mthole at mikethole.com>
I think it would be more useful to discuss the specifics of a patch, rather
than generalities. I've created a full patch that renames
SecurityOrigin::whiteListAccessFromOrigin() to
SecurityOrigin::allowNetworkAccessFromOrigin() and adds
SecurityOrigin::allowDOMAccessFromOrigin(). This provides the SPI needed by
some clients to explicitly choose to whitelist cross-origin DOM access.
More information about the webkit-reviews
mailing list