Changeset 57238 in webkit
- Timestamp:
- Apr 7, 2010 3:59:29 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r57237 r57238 1 2010-04-07 Erik Arvidsson <arv@chromium.org> 2 3 Reviewed by Adam Barth. 4 5 Allow white listing access from origin to local origin. 6 https://bugs.webkit.org/show_bug.cgi?id=37228 7 8 This makes it possible to load a local resource from a non local 9 origin if the access has previously been white listed by calling 10 SecurityOrigin::whiteListAccessFromOrigin. 11 12 * http/tests/security/local-image-from-remote-whitelisted-expected.txt: Added. 13 * http/tests/security/local-image-from-remote-whitelisted.html: Added. 14 1 15 2010-04-07 Eric Seidel <eric@webkit.org> 2 16 -
trunk/WebCore/ChangeLog
r57236 r57238 1 2010-04-07 Erik Arvidsson <arv@chromium.org> 2 3 Reviewed by Adam Barth. 4 5 Allow white listing access from origin to local origin. 6 https://bugs.webkit.org/show_bug.cgi?id=37228 7 8 This makes it possible to load a local resource from a non local 9 origin if the access has previously been white listed by calling 10 SecurityOrigin::whiteListAccessFromOrigin. 11 12 Test: http/tests/security/local-image-from-remote-whitelisted.html 13 14 * page/OriginAccessEntry.cpp: 15 (WebCore::OriginAccessEntry::OriginAccessEntry): Removed assert that only the http and https protocol are valid. 16 * page/SecurityOrigin.cpp: 17 (WebCore::SecurityOrigin::canRequest): Use isAccessWhiteListed 18 (WebCore::SecurityOrigin::isAccessWhiteListed): Extracted code that goes through the originAccessMap to do the origin matching. 19 (WebCore::SecurityOrigin::canLoad): Check if access has been white listed. 20 * page/SecurityOrigin.h: Add private function isAccessWhiteListed 21 1 22 2010-04-07 Luiz Agostini <luiz.agostini@openbossa.org> 2 23 -
trunk/WebCore/page/OriginAccessEntry.cpp
r47549 r57238 41 41 , m_subdomainSettings(subdomainSetting) 42 42 { 43 ASSERT(m_protocol == "http" || m_protocol == "https");44 43 ASSERT(subdomainSetting == AllowSubdomains || subdomainSetting == DisallowSubdomains); 45 44 -
trunk/WebCore/page/SecurityOrigin.cpp
r56825 r57238 262 262 return true; 263 263 264 if (OriginAccessWhiteList* list = originAccessMap().get(toString())) { 265 for (size_t i = 0; i < list->size(); ++i) { 266 if (list->at(i).matchesOrigin(*targetOrigin)) 267 return true; 268 } 269 } 264 if (isAccessWhiteListed(targetOrigin.get())) 265 return true; 270 266 271 267 return false; … … 289 285 } 290 286 287 bool SecurityOrigin::isAccessWhiteListed(const SecurityOrigin* targetOrigin) const 288 { 289 if (OriginAccessWhiteList* list = originAccessMap().get(toString())) { 290 for (size_t i = 0; i < list->size(); ++i) { 291 if (list->at(i).matchesOrigin(*targetOrigin)) 292 return true; 293 } 294 } 295 return false; 296 } 297 291 298 bool SecurityOrigin::canLoad(const KURL& url, const String& referrer, Document* document) 292 299 { … … 294 301 return true; 295 302 296 // If we were provided a document, we let its local file policy dictate the result, 297 // otherwise we allow local loads only if the supplied referrer is also local. 298 if (document) 299 return document->securityOrigin()->canLoadLocalResources(); 303 // If we were provided a document, we first check if the access has been white listed. 304 // Then we let its local file police dictate the result. 305 // Otherwise we allow local loads only if the supplied referrer is also local. 306 if (document) { 307 SecurityOrigin* documentOrigin = document->securityOrigin(); 308 RefPtr<SecurityOrigin> targetOrigin = SecurityOrigin::create(url); 309 if (documentOrigin->isAccessWhiteListed(targetOrigin.get())) 310 return true; 311 return documentOrigin->canLoadLocalResources(); 312 } 300 313 if (!referrer.isEmpty()) 301 314 return shouldTreatURLAsLocal(referrer); -
trunk/WebCore/page/SecurityOrigin.h
r56757 r57238 204 204 bool passesFileCheck(const SecurityOrigin* other) const; 205 205 206 bool isAccessWhiteListed(const SecurityOrigin* targetOrigin) const; 207 206 208 SandboxFlags m_sandboxFlags; 207 209 String m_protocol;
Note: See TracChangeset
for help on using the changeset viewer.