[Webkit-unassigned] [Bug 219995] [GTK][WPE] Expose setCORSDisablingPatterns
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 3 07:56:18 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=219995
--- Comment #17 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Comment on attachment 416521
--> https://bugs.webkit.org/attachment.cgi?id=416521
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=416521&action=review
> Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4717
> + * webkit_web_view_set_cors_allow_list:
I'm also going to change this to allowlist rather than allow_list, since it recently became common to use it as one word.
>> Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4725
>> + * represent zero or more other characters.
>
> We should clarify that requests *to* resources that match the allowed patterns bypass CORS, not requests *from* resources that match the allowed patterns. Otherwise, it's not clear which. :)
I've expanded this documentation a bit:
* Sets the @allowlist for which
* [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
* checks are disabled in @web_view. Passing a %NULL as @allowlist
* implies that no URIs are disabled for CORS checks. URI patterns must
* be of the form `[protocol]://[host]/[path]`, where the *host* and
* *path* components may contain the wildcard character (`*`) to
* represent zero or more other characters.
*
* Disabling CORS checks permits resources from other origins to load
* allowlisted resources. It does not permit the allowlisted resources
* to load resources from other origins.
*
* If this function is called multiple times, only the allowlist set by
* the most recent call will be effective.
>> Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp:1488
>> +}
>
> I will think about how to write a test for this.
Going to try to write a test now....
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210603/bc06f8e9/attachment.htm>
More information about the webkit-unassigned
mailing list