[Webkit-unassigned] [Bug 96497] [GTK] Add API to get/set the security policy of a given URI scheme to WebKit2 GTK+
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 14 08:42:06 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=96497
Martin Robinson <mrobinson at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #163597|review? |review-
Flag| |
--- Comment #5 from Martin Robinson <mrobinson at webkit.org> 2012-09-14 08:42:33 PST ---
(From update of attachment 163597)
View in context: https://bugs.webkit.org/attachment.cgi?id=163597&action=review
> Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp:648
> + // We keep the WebCore::SchemeRegistry of the UI process in sync with the
> + // web process one, so that we can return the WebKitSecurityPolicy for
> + // a given URI scheme synchronously without blocking.
> + if (policy & WEBKIT_SECURITY_POLICY_LOCAL) {
> + WebCore::SchemeRegistry::registerURLSchemeAsLocal(urlScheme);
> + webContext->registerURLSchemeAsLocal(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_NO_ACCESS_TO_OTHER_SCHEME) {
> + WebCore::SchemeRegistry::registerURLSchemeAsNoAccess(urlScheme);
> + webContext->registerURLSchemeAsNoAccess(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_DISPLAY_ISOLATED) {
> + WebCore::SchemeRegistry::registerURLSchemeAsDisplayIsolated(urlScheme);
> + webContext->registerURLSchemeAsDisplayIsolated(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_SECURE) {
> + WebCore::SchemeRegistry::registerURLSchemeAsSecure(urlScheme);
> + webContext->registerURLSchemeAsSecure(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_CORS_ENABLED) {
> + WebCore::SchemeRegistry::registerURLSchemeAsCORSEnabled(urlScheme);
> + webContext->registerURLSchemeAsCORSEnabled(urlScheme);
> + }
> + if (policy & WEBKIT_SECURITY_POLICY_EMPTY_DOCUMENT) {
> + WebCore::SchemeRegistry::registerURLSchemeAsEmptyDocument(urlScheme);
> + webContext->registerURLSchemeAsEmptyDocument(urlScheme);
> + }
> +}
> +
One thing I notice here is that if you say, activate WEBKIT_SECURITY_POLICY_LOCAL, and then call this method again with the same scheme without WEBKIT_SECURITY_POLICY_LOCAL removeURLSchemeRegisteredAsLocal is never called. It seems that you can never undo any of the actions you take. On the other hand there doesn't seem to be a way in WebCore to undo registration for all other types of schemes. Perhaps that means this API doesn't map to the one in WebCore. Perhaps you need to add a method in WebCore to remove all registrations for a scheme and call that first here.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list