    levin@chromium.org authored · 234cc228

    WebCore: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
    specify a more granular policy for cross-origin XHR access.
    
    Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
    Reviewed by David Levin.
    
    Tests: http/tests/xmlhttprequest/origin-whitelisting-all.html
           http/tests/xmlhttprequest/origin-whitelisting-exact-match.html
           http/tests/xmlhttprequest/origin-whitelisting-https.html
           http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains.html
           http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html
           http/tests/xmlhttprequest/origin-whitelisting-subdomains.html
    
    * WebCore.base.exp: Export methods to manipulate origin access whitelists to enable
    testing via layout tests.
    
    * WebCore.xcodeproj/project.pbxproj: Add OriginAccessEntry.*
    * GNUmakefile.am: Ditto.
    * WebCore.gypi: Ditto.
    * WebCore.pro: Ditto.
    * WebCore.vcproj/WebCore.vcproj: Ditto.
    * WebCoreSources.blk: Ditto.
    
    * page/SecurityOrigin.h: Implement origin access whitelists.
    (WebCore::originAccessMap): Static getter for access whitelists.
    (WebCore::SecurityOrigin::canRequest): Modify request checking logic to check whitelists.
    (WebCore::SecurityOrigin::whiteListAccessFromOrigin): Add an entry to a whitelist.
    (WebCore::SecurityOrigin::resetOriginAccessWhiteLists): Clear all the whitelists.
    
    * page/OriginAccessEntry.h: Added. An entry in an origin access whitelist.
    * page/OriginAccessEntry.cpp: Ditto.
    
    WebKit/gtk: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
    specify a more granular policy for cross-origin XHR access.
    
    Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
    Reviewed by David Levin.
    
    * webkit/webkitprivate.cpp:
    (webkit_white_list_access_to_origin): Add API to manipulate origin access whitelists.
    (webkit_reset_origin_access_white_lists): Ditto.
    * webkit/webkitprivate.h: Ditto.
    
    WebKit/mac: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
    specify a more granular policy for cross-origin XHR access.
    
    Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
    Reviewed by David Levin.
    
    * WebView/WebView.mm: Add SPI to manipulate origin access whitelists.
    (+[WebView _whiteListAccessFromOrigin:destinationProtocol:destinationHost:allowDestinationSubdomains:]): Ditto.
    (+[WebView _resetOriginAccessWhiteLists]): Ditto.
    * WebView/WebViewPrivate.h: Ditto.
    
    WebKit/qt: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
    specify a more granular policy for cross-origin XHR access.
    
    Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
    Reviewed by David Levin.
    
    * Api/qwebsecurityorigin.cpp: Add API to manipulate origin access whitelists.
    (QWebSecurityOrigin::whiteListAccessFromOrigin): Ditto.
    (QWebSecurityOrigin::resetOriginAccessWhiteLists): Ditto.
    * Api/qwebsecurityorigin.h: Ditto.
    
    WebKitTools: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
    specify a more granular policy for cross-origin XHR access.
    
    Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
    Reviewed by David Levin.
    
    * DumpRenderTree/LayoutTestController.cpp: Expose whiteListAccessFromOrigin() to layout tests.
    (whiteListAccessFromOriginCallback): Ditto.
    (LayoutTestController::staticFunctions): Ditto.
    * DumpRenderTree/LayoutTestController.h: Ditto.
    * DumpRenderTree/gtk/LayoutTestControllerGtk.cpp: Ditto.
    (LayoutTestController::whiteListAccessToOrigin): Ditto.
    * DumpRenderTree/mac/LayoutTestControllerMac.mm: Ditto.
    (LayoutTestController::whiteListAccessFromOrigin): Ditto.
    * DumpRenderTree/qt/jsobjects.cpp: Ditto.
    (LayoutTestController::whiteListAccessFromOrigin): Ditto.
    * DumpRenderTree/win/LayoutTestControllerWin.cpp: Stub out whiteListAccessFromOrigin().
    (LayoutTestController::whiteListAccessFromOrigin): Ditto.
    * DumpRenderTree/gtk/DumpRenderTree.cpp: Reset origin access lists before each test.
    (resetWebViewToConsistentStateBeforeTesting): Ditto.
    * DumpRenderTree/mac/DumpRenderTree.mm: Ditto.
    (resetWebViewToConsistentStateBeforeTesting): Ditto.
    * DumpRenderTree/qt/DumpRenderTree.cpp: Ditto.
    (WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting): Ditto.
    
    LayoutTests: https://bugs.webkit.org/show_bug.cgi?id=24853: Provide a way for WebKit clients to
    specify a more granular policy for cross-origin XHR access.
    
    Patch by Aaron Boodman <aa@chromium.org> on 2009-08-19
    Reviewed by David Levin.
    
    * http/tests/xmlhttprequest/origin-whitelisting-all-expected.txt: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-all.html: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-exact-match-expected.txt: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-exact-match.html: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-https-expected.txt: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-https.html: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-expected.txt: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains-expected.txt: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains.html: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-subdomains-expected.txt: Added.
    * http/tests/xmlhttprequest/origin-whitelisting-subdomains.html: Added.
    * http/tests/xmlhttprequest/resources/origin-whitelisting-ip-address-test.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@47548 268f45cc-cd09-0410-ab3c-d52691b4dbfc