[Webkit-unassigned] [Bug 156651] WkWebview: calling localStorage.getItem() results in Uncaught Exception: SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Apr 16 20:13:40 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=156651
--- Comment #8 from Brent Fulgham <bfulgham at webkit.org> ---
(In reply to comment #7)
> (In reply to comment #6)
> > It was my understanding that "AllowUniversalAccessFromFileURLs" was part of
> > the webkit1 API and not webkit2. Do you think its worth trying to enable
> > both settings being that we are using only webkit2?
>
> Yes -- that's the setting that controls it. We use the
> UniversalAccessFromFileURLs setting to gate access.
See 'SecurityOrigin::canAccessStorage' for the details. Local storage access is gated (for file:// URLs) on m_universalAccess.
This gets set up in Document::initSecurityContext():
if (settings->allowUniversalAccessFromFileURLs()
|| m_frame->loader().client().shouldForceUniversalAccessFromLocalURL(m_url)) {
// Some clients want local URLs to have universal access, but that setting is dangerous for other clients.
securityOrigin()->grantUniversalAccess();
}
So, you might be able to do something with the frame loader client's "shouldForceUniversalAccessFromLocalURL".
You might be able to use WKBundlePageShouldForceUniversalAccessFromLocalURLCallback to set a function that either always says "Yes, go ahead and use it", or check for specific URLs that you approve of.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160417/b976e995/attachment.html>
More information about the webkit-unassigned
mailing list