<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_REOPENED "
title="REOPENED - WkWebview: calling localStorage.getItem() results in Uncaught Exception: SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent."
href="https://bugs.webkit.org/show_bug.cgi?id=156651#c8">Comment # 8</a>
on <a class="bz_bug_link
bz_status_REOPENED "
title="REOPENED - WkWebview: calling localStorage.getItem() results in Uncaught Exception: SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent."
href="https://bugs.webkit.org/show_bug.cgi?id=156651">bug 156651</a>
from <span class="vcard"><a class="email" href="mailto:bfulgham@webkit.org" title="Brent Fulgham <bfulgham@webkit.org>"> <span class="fn">Brent Fulgham</span></a>
</span></b>
<pre>(In reply to <a href="show_bug.cgi?id=156651#c7">comment #7</a>)
<span class="quote">> (In reply to <a href="show_bug.cgi?id=156651#c6">comment #6</a>)
> > It was my understanding that "AllowUniversalAccessFromFileURLs" was part of
> > the webkit1 API and not webkit2. Do you think its worth trying to enable
> > both settings being that we are using only webkit2?
>
> Yes -- that's the setting that controls it. We use the
> UniversalAccessFromFileURLs setting to gate access.</span >
See 'SecurityOrigin::canAccessStorage' for the details. Local storage access is gated (for file:// URLs) on m_universalAccess.
This gets set up in Document::initSecurityContext():
if (settings->allowUniversalAccessFromFileURLs()
|| m_frame->loader().client().shouldForceUniversalAccessFromLocalURL(m_url)) {
// Some clients want local URLs to have universal access, but that setting is dangerous for other clients.
securityOrigin()->grantUniversalAccess();
}
So, you might be able to do something with the frame loader client's "shouldForceUniversalAccessFromLocalURL".
You might be able to use WKBundlePageShouldForceUniversalAccessFromLocalURLCallback to set a function that either always says "Yes, go ahead and use it", or check for specific URLs that you approve of.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>