[Webkit-unassigned] [Bug 156651] WkWebview: calling localStorage.getItem() results in Uncaught Exception: SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent.

Sat Apr 16 20:13:40 PDT 2016

https://bugs.webkit.org/show_bug.cgi?id=156651

--- Comment #8 from Brent Fulgham <bfulgham at webkit.org> ---
(In reply to comment #7)
> (In reply to comment #6)
> > It was my understanding that "AllowUniversalAccessFromFileURLs" was part of
> > the webkit1 API and not webkit2. Do you think its worth trying to enable
> > both settings being that we are using only webkit2?
> 
> Yes -- that's the setting that controls it. We use the
> UniversalAccessFromFileURLs setting to gate access.

See 'SecurityOrigin::canAccessStorage' for the details. Local storage access is gated (for file:// URLs) on m_universalAccess.

This gets set up in Document::initSecurityContext():

    if (settings->allowUniversalAccessFromFileURLs()
        || m_frame->loader().client().shouldForceUniversalAccessFromLocalURL(m_url)) {
        // Some clients want local URLs to have universal access, but that setting is dangerous for other clients.
        securityOrigin()->grantUniversalAccess();
    }

So, you might be able to do something with the frame loader client's "shouldForceUniversalAccessFromLocalURL".

You might be able to use WKBundlePageShouldForceUniversalAccessFromLocalURLCallback to set a function that either always says "Yes, go ahead and use it", or check for specific URLs that you approve of.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160417/b976e995/attachment.html>