Changeset 211758 in webkit
- Timestamp:
- Feb 6, 2017 4:25:00 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 10 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r211756 r211758 1 2017-02-06 Youenn Fablet <youennf@gmail.com> 2 3 Allow some schemes to opt-out of CORS 4 https://bugs.webkit.org/show_bug.cgi?id=167795 5 6 Reviewed by Alex Christensen. 7 8 * http/tests/security/bypassing-cors-checks-for-extension-urls-expected.txt: Added. 9 * http/tests/security/bypassing-cors-checks-for-extension-urls.html: Added. 10 1 11 2017-02-06 Chris Dumez <cdumez@apple.com> 2 12 -
trunk/Source/WebCore/ChangeLog
r211756 r211758 1 2017-02-06 Youenn Fablet <youennf@gmail.com> 2 3 Allow some schemes to opt-out of CORS 4 https://bugs.webkit.org/show_bug.cgi?id=167795 5 6 Reviewed by Alex Christensen. 7 8 Test: http/tests/security/bypassing-cors-checks-for-extension-urls.html 9 10 Adding the possibility to opt out of CORS for DocumentThreadableLoader clients (fetch and XHR). 11 This is made specific to the case of user extension URLs for pages running user scripts. 12 Introducing a boolean flag in Page for that purpose. 13 Introducing a helper routine in SchemeRegistry to centralize the various user script extension schemes. 14 15 * loader/DocumentThreadableLoader.cpp: 16 (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): 17 * page/Frame.cpp: 18 (WebCore::Frame::injectUserScripts): 19 * page/Page.h: 20 (WebCore::Page::setAsRunningUserScripts): 21 (WebCore::Page::isRunningUserScripts): 22 * platform/SchemeRegistry.cpp: 23 (WebCore::SchemeRegistry::isUserExtensionScheme): 24 * platform/SchemeRegistry.h: 25 * testing/Internals.cpp: 26 (WebCore::Internals::setAsRunningUserScripts): 27 * testing/Internals.h: 28 * testing/Internals.idl: 29 1 30 2017-02-06 Chris Dumez <cdumez@apple.com> 2 31 -
trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp
r210859 r211758 111 111 m_originalHeaders = request.httpHeaderFields(); 112 112 113 if (document.page() && document.page()->isRunningUserScripts() && SchemeRegistry::isUserExtensionScheme(request.url().protocol().toStringWithoutCopying())) { 114 m_options.mode = FetchOptions::Mode::NoCors; 115 m_options.filteringPolicy = ResponseFilteringPolicy::Disable; 116 } 117 113 118 // As per step 11 of https://fetch.spec.whatwg.org/#main-fetch, data scheme (if same-origin data-URL flag is set) and about scheme are considered same-origin. 114 119 if (request.url().protocolIsData()) -
trunk/Source/WebCore/page/Frame.cpp
r211741 r211758 711 711 return; 712 712 713 if (script.injectionTime() == injectionTime && UserContentURLPattern::matchesPatterns(document->url(), script.whitelist(), script.blacklist())) 713 if (script.injectionTime() == injectionTime && UserContentURLPattern::matchesPatterns(document->url(), script.whitelist(), script.blacklist())) { 714 m_page->setAsRunningUserScripts(); 714 715 m_script->evaluateInWorld(ScriptSourceCode(script.source(), script.url()), world); 716 } 715 717 }); 716 718 } -
trunk/Source/WebCore/page/Page.h
r211254 r211758 392 392 #endif 393 393 394 void setAsRunningUserScripts() { m_isRunningUserScripts = true; } 395 bool isRunningUserScripts() const { return m_isRunningUserScripts; } 396 394 397 void setDebugger(JSC::Debugger*); 395 398 JSC::Debugger* debugger() const { return m_debugger; } … … 776 779 777 780 std::unique_ptr<PerformanceMonitor> m_performanceMonitor; 781 782 bool m_isRunningUserScripts { false }; 778 783 }; 779 784 -
trunk/Source/WebCore/platform/SchemeRegistry.cpp
r209641 r211758 358 358 #endif 359 359 360 bool SchemeRegistry::isUserExtensionScheme(const String& scheme) 361 { 362 UNUSED_PARAM(scheme); 363 #if PLATFORM(MAC) 364 if (scheme == "safari-extension") 365 return true; 366 #endif 367 return false; 368 } 369 360 370 } // namespace WebCore -
trunk/Source/WebCore/platform/SchemeRegistry.h
r207769 r211758 100 100 static bool shouldPartitionCacheForURLScheme(const String& scheme); 101 101 #endif 102 103 static bool isUserExtensionScheme(const String& scheme); 102 104 }; 103 105 -
trunk/Source/WebCore/testing/Internals.cpp
r211741 r211758 3691 3691 #endif 3692 3692 3693 void Internals::setAsRunningUserScripts(Document& document) 3694 { 3695 if (document.page()) 3696 document.page()->setAsRunningUserScripts(); 3697 } 3698 3693 3699 } // namespace WebCore -
trunk/Source/WebCore/testing/Internals.h
r211683 r211758 527 527 #endif 528 528 529 void setAsRunningUserScripts(Document&); 530 529 531 private: 530 532 explicit Internals(Document&); -
trunk/Source/WebCore/testing/Internals.idl
r211683 r211758 500 500 void setQuickLookPassword(DOMString password); 501 501 #endif 502 }; 502 503 [CallWith=Document] void setAsRunningUserScripts(); 504 };
Note: See TracChangeset
for help on using the changeset viewer.