[Webkit-unassigned] [Bug 156651] WkWebview: calling localStorage.getItem() results in Uncaught Exception: SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Apr 16 20:13:40 PDT 2016


--- Comment #8 from Brent Fulgham <bfulgham at webkit.org> ---
(In reply to comment #7)
> (In reply to comment #6)
> > It was my understanding that "AllowUniversalAccessFromFileURLs" was part of
> > the webkit1 API and not webkit2. Do you think its worth trying to enable
> > both settings being that we are using only webkit2?
> Yes -- that's the setting that controls it. We use the
> UniversalAccessFromFileURLs setting to gate access.

See 'SecurityOrigin::canAccessStorage' for the details. Local storage access is gated (for file:// URLs) on m_universalAccess.

This gets set up in Document::initSecurityContext():

    if (settings->allowUniversalAccessFromFileURLs()
        || m_frame->loader().client().shouldForceUniversalAccessFromLocalURL(m_url)) {
        // Some clients want local URLs to have universal access, but that setting is dangerous for other clients.

So, you might be able to do something with the frame loader client's "shouldForceUniversalAccessFromLocalURL".

You might be able to use WKBundlePageShouldForceUniversalAccessFromLocalURLCallback to set a function that either always says "Yes, go ahead and use it", or check for specific URLs that you approve of.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160417/b976e995/attachment.html>

More information about the webkit-unassigned mailing list