Changeset 55335 in webkit
- Timestamp:
- Feb 26, 2010 7:20:22 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/WebCore/ChangeLog
r55334 r55335 1 2010-02-26 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Fisher. 4 5 Expose an API for ports to add schemes to the mixed content whitelist 6 https://bugs.webkit.org/show_bug.cgi?id=35438 7 8 Add a notion of a "secure" scheme that doesn't trigger mixed content 9 warnings. Let folks register new secure schemes in the same way they 10 can register "local" schemes. 11 12 * loader/FrameLoader.cpp: 13 (WebCore::FrameLoader::isMixedContent): 14 * page/SecurityOrigin.cpp: 15 (WebCore::secureSchemes): 16 (WebCore::SecurityOrigin::registerURLSchemeAsSecure): 17 (WebCore::SecurityOrigin::shouldTreatURLSchemeAsSecure): 18 * page/SecurityOrigin.h: 19 1 20 2010-02-26 Noam Rosenthal <noam.rosenthal@nokia.com> 2 21 -
trunk/WebCore/loader/FrameLoader.cpp
r55207 r55335 1401 1401 return false; // We only care about HTTPS security origins. 1402 1402 1403 if (!url.isValid() || url.protocolIs("https") || url.protocolIs("about") || url.protocolIs("data"))1403 if (!url.isValid() || SecurityOrigin::shouldTreatURLSchemeAsSecure(url.protocol())) 1404 1404 return false; // Loading these protocols is secure. 1405 1405 -
trunk/WebCore/page/SecurityOrigin.cpp
r54873 r55335 64 64 65 65 return localSchemes; 66 } 67 68 static URLSchemesMap& secureSchemes() 69 { 70 DEFINE_STATIC_LOCAL(URLSchemesMap, secureSchemes, ()); 71 72 if (secureSchemes.isEmpty()) { 73 secureSchemes.add("https"); 74 secureSchemes.add("about"); 75 secureSchemes.add("data"); 76 } 77 78 return secureSchemes; 66 79 } 67 80 … … 478 491 } 479 492 493 void SecurityOrigin::registerURLSchemeAsSecure(const String& scheme) 494 { 495 secureSchemes().add(scheme); 496 } 497 498 bool SecurityOrigin::shouldTreatURLSchemeAsSecure(const String& scheme) 499 { 500 return secureSchemes().contains(scheme); 501 } 502 480 503 bool SecurityOrigin::shouldHideReferrer(const KURL& url, const String& referrer) 481 504 { -
trunk/WebCore/page/SecurityOrigin.h
r54873 r55335 175 175 static bool shouldTreatURLSchemeAsLocal(const String&); 176 176 177 // Secure schemes do not trigger mixed content warnings. For example, 178 // https and data are secure schemes because they cannot be corrupted by 179 // active network attackers. 180 static void registerURLSchemeAsSecure(const String&); 181 static bool shouldTreatURLSchemeAsSecure(const String&); 182 177 183 static bool shouldHideReferrer(const KURL&, const String& referrer); 178 184 -
trunk/WebKit/chromium/ChangeLog
r55321 r55335 1 2010-02-26 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Darin Fisher. 4 5 Expose an API for ports to add schemes to the mixed content whitelist 6 https://bugs.webkit.org/show_bug.cgi?id=35438 7 8 Expose registerURLSchemeAsSecure via the WebKit API. 9 10 * public/WebSecurityPolicy.h: 11 * src/WebSecurityPolicy.cpp: 12 (WebKit::WebSecurityPolicy::registerURLSchemeAsSecure): 13 1 14 2010-02-26 Brett Wilson <brettw@chromium.org> 2 15 -
trunk/WebKit/chromium/public/WebSecurityPolicy.h
r52027 r55335 51 51 WEBKIT_API static void registerURLSchemeAsNoAccess(const WebString&); 52 52 53 // Registers a URL scheme to not generate mixed content warnings when 54 // included by an HTTPS page. 55 WEBKIT_API static void registerURLSchemeAsSecure(const WebString&); 56 53 57 // Support for whitelisting access to origins beyond the same-origin policy. 54 58 WEBKIT_API static void whiteListAccessFromOrigin( -
trunk/WebKit/chromium/src/WebSecurityPolicy.cpp
r52027 r55335 52 52 } 53 53 54 void WebSecurityPolicy::registerURLSchemeAsSecure(const WebString& scheme) 55 { 56 SecurityOrigin::registerURLSchemeAsSecure(scheme); 57 } 58 54 59 void WebSecurityPolicy::whiteListAccessFromOrigin(const WebURL& sourceOrigin, 55 60 const WebString& destinationProtocol,
Note: See TracChangeset
for help on using the changeset viewer.