[Webkit-unassigned] [Bug 117823] [Qt] Add interface API for origin whitelisting

Mon Jul 22 03:52:26 PDT 2013

https://bugs.webkit.org/show_bug.cgi?id=117823

--- Comment #13 from Jocelyn Turcotte <jocelyn.turcotte at digia.com>  2013-07-22 03:52:17 PST ---
(From update of attachment 205684)
View in context: https://bugs.webkit.org/attachment.cgi?id=205684&action=review

> Source/WebKit/qt/Api/qwebsecurityorigin.cpp:271
> +    Allows application/platform to whilelist an origin to have access to specific desitnations beyond same-origin-policy.

- The documentation should explain a bit what each parameter is about, also using the "\a" switch.
- No need to say "application/platform", who else would call this method?

> Source/WebKit/qt/Api/qwebsecurityorigin.cpp:273
> +void QWebSecurityOrigin::addOriginAccessWhitelistEntry(const QUrl& sourceOrigin, const QString& destinationProtocol, const QString& destinationHost, SubdomainSetting subdomainSetting)

The rest of the class names is "scheme" rather than "protocol", it would be nice to keep it consistent. It's also a bit clearer.

> Source/WebKit/qt/Api/qwebsecurityorigin.h:30
> +    class SecurityPolicy;

I think you don't need this here.

> Source/WebKit/qt/Api/qwebsecurityorigin.h:52
> +    static void addOriginAccessWhitelistEntry(const QUrl&, const QString&, const QString&, SubdomainSetting);
> +    static void removeOriginAccessWhitelistEntry(const QUrl&, const QString&, const QString&, SubdomainSetting);
> +    static void resetOriginAccessWhitelists();

The public header should always include parameter names.

I also think that having a QWebSecurityOrigin(const QUrl&) public constructor and have add/remove as member methods would be a cleaner API.
QWebSecurityOrigin basically wraps WebCore::SecurityOrigin and I don't see much reason to prevent its construction if SecurityOrigin allows it.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.