Allow some schemes to opt out of CORS
https://bugs.webkit.org/show_bug.cgi?id=167795
Patch by Youenn Fablet <youennf@gmail.com> on 2017-02-06
Reviewed by Alex Christensen.
Source/WebCore:
Test: http/tests/security/bypassing-cors-checks-for-extension-urls.html
Adding the possibility to opt out of CORS for DocumentThreadableLoader clients (fetch and XHR).
This is made specific to the case of user extension URLs for pages running user scripts.
Introducing a boolean flag in Page for that purpose.
Introducing a helper routine in SchemeRegistry to centralize the various user script extension schemes.
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
* page/Frame.cpp:
(WebCore::Frame::injectUserScripts):
* page/Page.h:
(WebCore::Page::setAsRunningUserScripts):
(WebCore::Page::isRunningUserScripts):
* platform/SchemeRegistry.cpp:
(WebCore::SchemeRegistry::isUserExtensionScheme):
* platform/SchemeRegistry.h:
* testing/Internals.cpp:
(WebCore::Internals::setAsRunningUserScripts):
* testing/Internals.h:
* testing/Internals.idl:
LayoutTests:
* http/tests/security/bypassing-cors-checks-for-extension-urls-expected.txt: Added.
* http/tests/security/bypassing-cors-checks-for-extension-urls.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@211758 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/platform/SchemeRegistry.cpp b/Source/WebCore/platform/SchemeRegistry.cpp
index 00c8898..ea25db8 100644
--- a/Source/WebCore/platform/SchemeRegistry.cpp
+++ b/Source/WebCore/platform/SchemeRegistry.cpp
@@ -357,4 +357,14 @@
}
#endif
+bool SchemeRegistry::isUserExtensionScheme(const String& scheme)
+{
+ UNUSED_PARAM(scheme);
+#if PLATFORM(MAC)
+ if (scheme == "safari-extension")
+ return true;
+#endif
+ return false;
+}
+
} // namespace WebCore
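Review bot: In isUserExtensionScheme, `scheme == "safari-extension"` is a case-sensitive comparison, and nothing in the hunk states that callers pass an already lowercased scheme. Because the commit message makes this predicate the central list of schemes that can opt out of CORS for pages running user scripts, either document that the argument must be the canonical lowercase URL protocol or use an ASCII case-insensitive comparison so the behaviour is explicit. Separately, `UNUSED_PARAM(scheme);` is applied unconditionally even though the parameter is used under `#if PLATFORM(MAC)`; moving it into an `#else` branch would keep the macro accurate. A one-line comment above the function saying that a true result exempts the scheme from CORS checks would also help whoever adds the next scheme here.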