-
https://bugs.webkit.org/show_bug.cgi?id=24853levin@chromium.org authored
specify a more granular policy for cross-origin XHR access. Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19 Reviewed by David Levin. Tests: http/tests/xmlhttprequest/origin-whitelisting-all.html http/tests/xmlhttprequest/origin-whitelisting-exact-match.html http/tests/xmlhttprequest/origin-whitelisting-https.html http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains.html http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html http/tests/xmlhttprequest/origin-whitelisting-subdomains.html * WebCore.base.exp: Export methods to manipulate origin access whitelists to enable testing via layout tests. * WebCore.xcodeproj/project.pbxproj: Add OriginAccessEntry.* * GNUmakefile.am: Ditto. * WebCore.gypi: Ditto. * WebCore.pro: Ditto. * WebCore.vcproj/WebCore.vcproj: Ditto. * WebCoreSources.blk: Ditto. * page/SecurityOrigin.h: Implement origin access whitelists. (WebCore::originAccessMap): Static getter for access whitelists. (WebCore::SecurityOrigin::canRequest): Modify request checking logic to check whitelists. (WebCore::SecurityOrigin::whiteListAccessFromOrigin): Add an entry to a whitelist. (WebCore::SecurityOrigin::resetOriginAccessWhiteLists): Clear all the whitelists. * page/OriginAccessEntry.h: Added. An entry in an origin access whitelist. * page/OriginAccessEntry.cpp: Ditto. WebKit/gtk: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to specify a more granular policy for cross-origin XHR access. Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19 Reviewed by David Levin. * webkit/webkitprivate.cpp: (webkit_white_list_access_to_origin): Add API to manipulate origin access whitelists. (webkit_reset_origin_access_white_lists): Ditto. * webkit/webkitprivate.h: Ditto. WebKit/mac: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to specify a more granular policy for cross-origin XHR access. Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19 Reviewed by David Levin. * WebView/WebView.mm: Add SPI to manipulate origin access whitelists. (+[WebView _whiteListAccessFromOrigin:destinationProtocol:destinationHost:allowDestinationSubdomains:]): Ditto. (+[WebView _resetOriginAccessWhiteLists]): Ditto. * WebView/WebViewPrivate.h: Ditto. WebKit/qt: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to specify a more granular policy for cross-origin XHR access. Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19 Reviewed by David Levin. * Api/qwebsecurityorigin.cpp: Add API to manipulate origin access whitelists. (QWebSecurityOrigin::whiteListAccessFromOrigin): Ditto. (QWebSecurityOrigin::resetOriginAccessWhiteLists): Ditto. * Api/qwebsecurityorigin.h: Ditto. WebKitTools: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to specify a more granular policy for cross-origin XHR access. Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19 Reviewed by David Levin. * DumpRenderTree/LayoutTestController.cpp: Expose whiteListAccessFromOrigin() to layout tests. (whiteListAccessFromOriginCallback): Ditto. (LayoutTestController::staticFunctions): Ditto. * DumpRenderTree/LayoutTestController.h: Ditto. * DumpRenderTree/gtk/LayoutTestControllerGtk.cpp: Ditto. (LayoutTestController::whiteListAccessToOrigin): Ditto. * DumpRenderTree/mac/LayoutTestControllerMac.mm: Ditto. (LayoutTestController::whiteListAccessFromOrigin): Ditto. * DumpRenderTree/qt/jsobjects.cpp: Ditto. (LayoutTestController::whiteListAccessFromOrigin): Ditto. * DumpRenderTree/win/LayoutTestControllerWin.cpp: Stub out whiteListAccessFromOrigin(). (LayoutTestController::whiteListAccessFromOrigin): Ditto. * DumpRenderTree/gtk/DumpRenderTree.cpp: Reset origin access lists before each test. (resetWebViewToConsistentStateBeforeTesting): Ditto. * DumpRenderTree/mac/DumpRenderTree.mm: Ditto. (resetWebViewToConsistentStateBeforeTesting): Ditto. * DumpRenderTree/qt/DumpRenderTree.cpp: Ditto. (WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting): Ditto. LayoutTests: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to specify a more granular policy for cross-origin XHR access. Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19 Reviewed by David Levin. * http/tests/xmlhttprequest/origin-whitelisting-all-expected.txt: Added. * http/tests/xmlhttprequest/origin-whitelisting-all.html: Added. * http/tests/xmlhttprequest/origin-whitelisting-exact-match-expected.txt: Added. * http/tests/xmlhttprequest/origin-whitelisting-exact-match.html: Added. * http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt: Added. * http/tests/xmlhttprequest/origin-whitelisting-https.html: Added. * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-expected.txt: Added. * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt: Added. * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains.html: Added. * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html: Added. * http/tests/xmlhttprequest/origin-whitelisting-subdomains-expected.txt: Added. * http/tests/xmlhttprequest/origin-whitelisting-subdomains.html: Added. * http/tests/xmlhttprequest/resources/origin-whitelisting-ip-address-test.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@47548 268f45cc-cd09-0410-ab3c-d52691b4dbfc
234cc228