[webkit-reviews] review denied: [Bug 96497] [GTK] Add API to get/set the security policy of a given URI scheme to WebKit2 GTK+ : [Attachment 163597] Try to fix the mac build
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 14 08:42:05 PDT 2012
Martin Robinson <mrobinson at webkit.org> has denied Carlos Garcia Campos
<cgarcia at igalia.com>'s request for review:
Bug 96497: [GTK] Add API to get/set the security policy of a given URI scheme
to WebKit2 GTK+
https://bugs.webkit.org/show_bug.cgi?id=96497
Attachment 163597: Try to fix the mac build
https://bugs.webkit.org/attachment.cgi?id=163597&action=review
------- Additional Comments from Martin Robinson <mrobinson at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=163597&action=review
> Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp:648
> + // We keep the WebCore::SchemeRegistry of the UI process in sync with
the
> + // web process one, so that we can return the WebKitSecurityPolicy for
> + // a given URI scheme synchronously without blocking.
> + if (policy & WEBKIT_SECURITY_POLICY_LOCAL) {
> + WebCore::SchemeRegistry::registerURLSchemeAsLocal(urlScheme);
> + webContext->registerURLSchemeAsLocal(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEME) {
> + WebCore::SchemeRegistry::registerURLSchemeAsNoAccess(urlScheme);
> + webContext->registerURLSchemeAsNoAccess(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_DISPLAY_ISOLATED) {
> +
WebCore::SchemeRegistry::registerURLSchemeAsDisplayIsolated(urlScheme);
> + webContext->registerURLSchemeAsDisplayIsolated(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_SECURE) {
> + WebCore::SchemeRegistry::registerURLSchemeAsSecure(urlScheme);
> + webContext->registerURLSchemeAsSecure(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_CORS_ENABLED) {
> + WebCore::SchemeRegistry::registerURLSchemeAsCORSEnabled(urlScheme);
> + webContext->registerURLSchemeAsCORSEnabled(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_EMPTY_DOCUMENT) {
> +
WebCore::SchemeRegistry::registerURLSchemeAsEmptyDocument(urlScheme);
> + webContext->registerURLSchemeAsEmptyDocument(urlScheme);
> + }
> +}
> +
One thing I notice here is that if you say, activate
WEBKIT_SECURITY_POLICY_LOCAL, and then call this method again with the same
scheme without WEBKIT_SECURITY_POLICY_LOCAL removeURLSchemeRegisteredAsLocal is
never called. It seems that you can never undo any of the actions you take. On
the other hand there doesn't seem to be a way in WebCore to undo registration
for all other types of schemes. Perhaps that means this API doesn't map to the
one in WebCore. Perhaps you need to add a method in WebCore to remove all
registrations for a scheme and call that first here.
More information about the webkit-reviews
mailing list