[Webkit-unassigned] [Bug 34296] Provide a way for WebKit clients to specify a more granular policy for cross-origin frame access
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 3 13:02:42 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=34296
Mike Thole <mthole at mikethole.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #47724|0 |1
is obsolete| |
Attachment #49934| |review?
Flag| |
--- Comment #9 from Mike Thole <mthole at mikethole.com> 2010-03-03 13:02:42 PST ---
Created an attachment (id=49934)
--> (https://bugs.webkit.org/attachment.cgi?id=49934)
New patch. Adds SecurityOrigin::allowDOMAccessFromOrigin() for explicitly
granting cross-origin DOM access via a whitelist
I think it would be more useful to discuss the specifics of a patch, rather
than generalities. I've created a full patch that renames
SecurityOrigin::whiteListAccessFromOrigin() to
SecurityOrigin::allowNetworkAccessFromOrigin() and adds
SecurityOrigin::allowDOMAccessFromOrigin(). This provides the SPI needed by
some clients to explicitly choose to whitelist cross-origin DOM access.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list