[Webkit-unassigned] [Bug 219995] [GTK][WPE] Expose setCORSDisablingPatterns

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jun 3 07:56:18 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=219995

--- Comment #17 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Comment on attachment 416521
  --> https://bugs.webkit.org/attachment.cgi?id=416521
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=416521&action=review

> Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4717
> + * webkit_web_view_set_cors_allow_list:

I'm also going to change this to allowlist rather than allow_list, since it recently became common to use it as one word.

>> Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4725
>> + * represent zero or more other characters.
> 
> We should clarify that requests *to* resources that match the allowed patterns bypass CORS, not requests *from* resources that match the allowed patterns. Otherwise, it's not clear which. :)

I've expanded this documentation a bit:

 * Sets the @allowlist for which
 * [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
 * checks are disabled in @web_view. Passing a %NULL as @allowlist
 * implies that no URIs are disabled for CORS checks. URI patterns must
 * be of the form `[protocol]://[host]/[path]`, where the *host* and
 * *path* components may contain the wildcard character (`*`) to
 * represent zero or more other characters.
 *
 * Disabling CORS checks permits resources from other origins to load
 * allowlisted resources. It does not permit the allowlisted resources
 * to load resources from other origins.
 *
 * If this function is called multiple times, only the allowlist set by
 * the most recent call will be effective.

>> Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitWebView.cpp:1488
>> +}
> 
> I will think about how to write a test for this.

Going to try to write a test now....

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210603/bc06f8e9/attachment.htm>

More information about the webkit-unassigned mailing list