[webkit-reviews] review granted: [Bug 135121] Provide networking process with access to its HSTS db : [Attachment 235300] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 22 11:27:26 PDT 2014
Alexey Proskuryakov <ap at webkit.org> has granted Oliver Hunt
<oliver at apple.com>'s request for review:
Bug 135121: Provide networking process with access to its HSTS db
https://bugs.webkit.org/show_bug.cgi?id=135121
Attachment 235300: Patch
https://bugs.webkit.org/attachment.cgi?id=235300&action=review
------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=235300&action=review
r=me conditional on adding a FIXME with radar number to make this unnecessary.
Please don't land without one.
> Source/WebKit2/ChangeLog:10
> + directory in the network process, as the network sandbox
s/network process/UI process/
> Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm:64
> +
SandboxExtension::consumePermanently(parameters.hstsDatabasePathExtensionHandle
);
Do we need to do this on OS X? I don't think that we do, so it's confusing to
have this code run on both platforms. Confusion in security sensitive code is
worse than #ifs.
> Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h:63
> + SandboxExtension::Handle hstsDatabasePathExtensionHandle;
Can we have a FIXME here with a bug tracking making this unnecessary please?
> Source/WebKit2/UIProcess/WebContext.cpp:1218
> + if (!m_overrideNetworkingHSTSDatabasePath.isEmpty())
> + return m_overrideNetworkingHSTSDatabasePath;
There is no code anywhere to set m_overrideNetworkingHSTSDatabasePath. Please
remove it.
More information about the webkit-reviews
mailing list