[Webkit-unassigned] [Bug 55577] Geolocation should continue to work after iframe reparenting

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 9 14:50:29 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=55577





--- Comment #4 from Dmitry Titov <dimich at chromium.org>  2011-03-09 14:50:29 PST ---
(In reply to comment #3)
> In Chromium, the URLs referred to above are a representation of security origins. It is my understanding that an iframe can only be reparented to another page of matching security origin. Is this correct?

I was not sure if those are full urls or stripped to origins. Yes, the script has to be able to access DOM of both pages to transfer iframe from one to another, so in most cases it's from the same origin. The iframe itself can be of a different origin. So your original plan sounds good. Moving permission request dialog from one window to another, following the transfer, might not be as bad. Most likely iframe transfer is used to implement some action requested by the user (by closing the window that contains it for example), so it wouldn't look like a random jump...

My question was about why the GeolocationController is per Page rather then per Frame, and if we really asking users "Can foo.com hosted in bar.com use location information?" For example, if a GoogGuys.com page hosts iframe with advertisement from BadGuys.com, and that ad will ask for Geolocation, will user be presented with a dialog that has both GoodGuys.com and BadGuys.com origins?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list