[GTK] Add API to get/set the security policy of a given URI scheme to WebKit2 GTK+
https://bugs.webkit.org/show_bug.cgi?id=96497
Reviewed by Martin Robinson.
Source/WebCore:
* WebCore.exp.in: Add new exported symbols.
Source/WebKit2:
Add WebKitSecurityManager object associated to a WebKitWebContext
to get/set the security policy of a URI scheme.
* GNUmakefile.list.am: Add new files to compilation.
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode): Encode the list of
schemes to be reigstered as Local, NoAccess, DisplayIsolated and
CORSEnabled.
(WebKit::WebProcessCreationParameters::decode): Decode the list of
schemes to be reigstered as Local, NoAccess, DisplayIsolated and
CORSEnabled.
* Shared/WebProcessCreationParameters.h:
(WebProcessCreationParameters): Add new parameters to be able to
register schemes as Local, NoAccess, DisplayIsolated and
CORSEnabled.
* UIProcess/API/gtk/WebKitSecurityManager.cpp: Added.
(webkit_security_manager_init):
(webkitSecurityManagerFinalize):
(webkit_security_manager_class_init):
(webkitSecurityManagerCreate): Private function to create the
WebKitSecurityManager object associated to the given
WebKitWebContext.
(registerSecurityPolicyForURIScheme):
(checkSecurityPolicyForURIScheme):
(webkit_security_manager_register_uri_scheme_as_local):
(webkit_security_manager_uri_scheme_is_local):
(webkit_security_manager_register_uri_scheme_as_no_access):
(webkit_security_manager_uri_scheme_is_no_access):
(webkit_security_manager_register_uri_scheme_as_display_isolated):
(webkit_security_manager_uri_scheme_is_display_isolated):
(webkit_security_manager_register_uri_scheme_as_secure):
(webkit_security_manager_uri_scheme_is_secure):
(webkit_security_manager_register_uri_scheme_as_cors_enabled):
(webkit_security_manager_uri_scheme_is_cors_enabled):
(webkit_security_manager_register_uri_scheme_as_empty_document):
(webkit_security_manager_uri_scheme_is_empty_document):
* UIProcess/API/gtk/WebKitSecurityManager.h: Added.
* UIProcess/API/gtk/WebKitSecurityManagerPrivate.h: Added.
* UIProcess/API/gtk/WebKitWebContext.cpp:
(webkit_web_context_get_security_manager): Return the
WebKitSecurityManager object, creating it before if it doesn't exist.
* UIProcess/API/gtk/WebKitWebContext.h:
* UIProcess/API/gtk/docs/webkit2gtk-docs.sgml: Add new section for
WebKitSecurityManager.
* UIProcess/API/gtk/docs/webkit2gtk-sections.txt: Add new symbols.
* UIProcess/API/gtk/tests/TestWebKitWebContext.cpp:
(testWebContextSecurityPolicy):
(beforeAll):
* UIProcess/API/gtk/webkit2.h: Add WebKitSecurityManager.h.
* UIProcess/WebContext.cpp:
(WebKit::WebContext::createNewWebProcess): Copy new vector
schemes.
(WebKit::WebContext::registerURLSchemeAsLocal): Send a message to
WebProcess to register the given URL scheme as Local.
(WebKit::WebContext::registerURLSchemeAsNoAccess): Send a message
to WebProcess to register the given URL scheme as NoAccess.
(WebKit::WebContext::registerURLSchemeAsDisplayIsolated): Send a
message to WebProcess to register the given URL scheme as
DisplayIsolated.
(WebKit::WebContext::registerURLSchemeAsCORSEnabled): Send a
message to WebProcess to register the given URL scheme as
CORSEnabled.
* UIProcess/WebContext.h:
(WebContext):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::registerURLSchemeAsLocal): Register the
given URL scheme as Local in the SchemeRegistry.
(WebKit::WebProcess::registerURLSchemeAsNoAccess): Register the
given URL scheme as NoAccess in the SchemeRegistry.
(WebKit::WebProcess::registerURLSchemeAsDisplayIsolated): Register
the given URL scheme as DisplayIsolated in the SchemeRegistry.
(WebKit::WebProcess::registerURLSchemeAsCORSEnabled): Register the
given URL scheme as CORSEnabled in the SchemeRegistry.
* WebProcess/WebProcess.h:
* WebProcess/WebProcess.messages.in: Add new messages.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128989 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index a7b6109..9866133 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,12 @@
+2012-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Add API to get/set the security policy of a given URI scheme to WebKit2 GTK+
+ https://bugs.webkit.org/show_bug.cgi?id=96497
+
+ Reviewed by Martin Robinson.
+
+ * WebCore.exp.in: Add new exported symbols.
+
2012-09-19 Patrick Gansterer <paroga@webkit.org>
[WIN] Use BString in favour of BSTR to improve memory management
diff --git a/Source/WebCore/WebCore.exp.in b/Source/WebCore/WebCore.exp.in
index 4c4e05b..1a6f4fb 100644
--- a/Source/WebCore/WebCore.exp.in
+++ b/Source/WebCore/WebCore.exp.in
@@ -271,7 +271,10 @@
__ZN7WebCore14ResourceLoader14cancelledErrorEv
__ZN7WebCore14SchemeRegistry24registerURLSchemeAsLocalERKN3WTF6StringE
__ZN7WebCore14SchemeRegistry25registerURLSchemeAsSecureERKN3WTF6StringE
+__ZN7WebCore14SchemeRegistry27registerURLSchemeAsNoAccessERKN3WTF6StringE
+__ZN7WebCore14SchemeRegistry30registerURLSchemeAsCORSEnabledERKN3WTF6StringE
__ZN7WebCore14SchemeRegistry32registerURLSchemeAsEmptyDocumentERKN3WTF6StringE
+__ZN7WebCore14SchemeRegistry34registerURLSchemeAsDisplayIsolatedERKN3WTF6StringE
__ZN7WebCore14SchemeRegistry34shouldLoadURLSchemeAsEmptyDocumentERKN3WTF6StringE
__ZN7WebCore14SchemeRegistry40setDomainRelaxationForbiddenForURLSchemeEbRKN3WTF6StringE
__ZN7WebCore14SchemeRegistry58registerURLSchemeAsAllowingDatabaseAccessInPrivateBrowsingERKN3WTF6StringE
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index 700d12b..7a88e51 100644
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,86 @@
+2012-09-19 Carlos Garcia Campos <cgarcia@igalia.com>
+
+ [GTK] Add API to get/set the security policy of a given URI scheme to WebKit2 GTK+
+ https://bugs.webkit.org/show_bug.cgi?id=96497
+
+ Reviewed by Martin Robinson.
+
+ Add WebKitSecurityManager object associated to a WebKitWebContext
+ to get/set the security policy of a URI scheme.
+
+ * GNUmakefile.list.am: Add new files to compilation.
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode): Encode the list of
+ schemes to be reigstered as Local, NoAccess, DisplayIsolated and
+ CORSEnabled.
+ (WebKit::WebProcessCreationParameters::decode): Decode the list of
+ schemes to be reigstered as Local, NoAccess, DisplayIsolated and
+ CORSEnabled.
+ * Shared/WebProcessCreationParameters.h:
+ (WebProcessCreationParameters): Add new parameters to be able to
+ register schemes as Local, NoAccess, DisplayIsolated and
+ CORSEnabled.
+ * UIProcess/API/gtk/WebKitSecurityManager.cpp: Added.
+ (webkit_security_manager_init):
+ (webkitSecurityManagerFinalize):
+ (webkit_security_manager_class_init):
+ (webkitSecurityManagerCreate): Private function to create the
+ WebKitSecurityManager object associated to the given
+ WebKitWebContext.
+ (registerSecurityPolicyForURIScheme):
+ (checkSecurityPolicyForURIScheme):
+ (webkit_security_manager_register_uri_scheme_as_local):
+ (webkit_security_manager_uri_scheme_is_local):
+ (webkit_security_manager_register_uri_scheme_as_no_access):
+ (webkit_security_manager_uri_scheme_is_no_access):
+ (webkit_security_manager_register_uri_scheme_as_display_isolated):
+ (webkit_security_manager_uri_scheme_is_display_isolated):
+ (webkit_security_manager_register_uri_scheme_as_secure):
+ (webkit_security_manager_uri_scheme_is_secure):
+ (webkit_security_manager_register_uri_scheme_as_cors_enabled):
+ (webkit_security_manager_uri_scheme_is_cors_enabled):
+ (webkit_security_manager_register_uri_scheme_as_empty_document):
+ (webkit_security_manager_uri_scheme_is_empty_document):
+ * UIProcess/API/gtk/WebKitSecurityManager.h: Added.
+ * UIProcess/API/gtk/WebKitSecurityManagerPrivate.h: Added.
+ * UIProcess/API/gtk/WebKitWebContext.cpp:
+ (webkit_web_context_get_security_manager): Return the
+ WebKitSecurityManager object, creating it before if it doesn't exist.
+ * UIProcess/API/gtk/WebKitWebContext.h:
+ * UIProcess/API/gtk/docs/webkit2gtk-docs.sgml: Add new section for
+ WebKitSecurityManager.
+ * UIProcess/API/gtk/docs/webkit2gtk-sections.txt: Add new symbols.
+ * UIProcess/API/gtk/tests/TestWebKitWebContext.cpp:
+ (testWebContextSecurityPolicy):
+ (beforeAll):
+ * UIProcess/API/gtk/webkit2.h: Add WebKitSecurityManager.h.
+ * UIProcess/WebContext.cpp:
+ (WebKit::WebContext::createNewWebProcess): Copy new vector
+ schemes.
+ (WebKit::WebContext::registerURLSchemeAsLocal): Send a message to
+ WebProcess to register the given URL scheme as Local.
+ (WebKit::WebContext::registerURLSchemeAsNoAccess): Send a message
+ to WebProcess to register the given URL scheme as NoAccess.
+ (WebKit::WebContext::registerURLSchemeAsDisplayIsolated): Send a
+ message to WebProcess to register the given URL scheme as
+ DisplayIsolated.
+ (WebKit::WebContext::registerURLSchemeAsCORSEnabled): Send a
+ message to WebProcess to register the given URL scheme as
+ CORSEnabled.
+ * UIProcess/WebContext.h:
+ (WebContext):
+ * WebProcess/WebProcess.cpp:
+ (WebKit::WebProcess::registerURLSchemeAsLocal): Register the
+ given URL scheme as Local in the SchemeRegistry.
+ (WebKit::WebProcess::registerURLSchemeAsNoAccess): Register the
+ given URL scheme as NoAccess in the SchemeRegistry.
+ (WebKit::WebProcess::registerURLSchemeAsDisplayIsolated): Register
+ the given URL scheme as DisplayIsolated in the SchemeRegistry.
+ (WebKit::WebProcess::registerURLSchemeAsCORSEnabled): Register the
+ given URL scheme as CORSEnabled in the SchemeRegistry.
+ * WebProcess/WebProcess.h:
+ * WebProcess/WebProcess.messages.in: Add new messages.
+
2012-09-19 Balazs Kelemen <kbalazs@webkit.org>
[Texmap] Potential crash in TextureMapperLayer because of referencing deleted mask/replica layer
diff --git a/Source/WebKit2/GNUmakefile.list.am b/Source/WebKit2/GNUmakefile.list.am
index f10249d..41d311d 100644
--- a/Source/WebKit2/GNUmakefile.list.am
+++ b/Source/WebKit2/GNUmakefile.list.am
@@ -118,6 +118,7 @@
$(WebKit2)/UIProcess/API/gtk/WebKitPrintOperation.h \
$(WebKit2)/UIProcess/API/gtk/WebKitResponsePolicyDecision.h \
$(WebKit2)/UIProcess/API/gtk/WebKitScriptDialog.h \
+ $(WebKit2)/UIProcess/API/gtk/WebKitSecurityManager.h \
$(WebKit2)/UIProcess/API/gtk/WebKitSettings.h \
$(WebKit2)/UIProcess/API/gtk/WebKitURIRequest.h \
$(WebKit2)/UIProcess/API/gtk/WebKitURIResponse.h \
@@ -697,6 +698,9 @@
Source/WebKit2/UIProcess/API/gtk/WebKitScriptDialog.cpp \
Source/WebKit2/UIProcess/API/gtk/WebKitScriptDialog.h \
Source/WebKit2/UIProcess/API/gtk/WebKitScriptDialogPrivate.h \
+ Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManager.cpp \
+ Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManager.h \
+ Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManagerPrivate.h \
Source/WebKit2/UIProcess/API/gtk/WebKitSettings.cpp \
Source/WebKit2/UIProcess/API/gtk/WebKitSettings.h \
Source/WebKit2/UIProcess/API/gtk/WebKitSettingsPrivate.h \
diff --git a/Source/WebKit2/Shared/WebProcessCreationParameters.cpp b/Source/WebKit2/Shared/WebProcessCreationParameters.cpp
index 4339d59..31f11a7 100644
--- a/Source/WebKit2/Shared/WebProcessCreationParameters.cpp
+++ b/Source/WebKit2/Shared/WebProcessCreationParameters.cpp
@@ -60,6 +60,10 @@
encoder->encode(urlSchemesRegistererdAsEmptyDocument);
encoder->encode(urlSchemesRegisteredAsSecure);
encoder->encode(urlSchemesForWhichDomainRelaxationIsForbidden);
+ encoder->encode(urlSchemesRegisteredAsLocal);
+ encoder->encode(urlSchemesRegisteredAsNoAccess);
+ encoder->encode(urlSchemesRegisteredAsDisplayIsolated);
+ encoder->encode(urlSchemesRegisteredAsCORSEnabled);
encoder->encode(mimeTypesWithCustomRepresentation);
encoder->encodeEnum(cacheModel);
encoder->encode(shouldTrackVisitedLinks);
@@ -134,6 +138,14 @@
return false;
if (!decoder->decode(parameters.urlSchemesForWhichDomainRelaxationIsForbidden))
return false;
+ if (!decoder->decode(parameters.urlSchemesRegisteredAsLocal))
+ return false;
+ if (!decoder->decode(parameters.urlSchemesRegisteredAsNoAccess))
+ return false;
+ if (!decoder->decode(parameters.urlSchemesRegisteredAsDisplayIsolated))
+ return false;
+ if (!decoder->decode(parameters.urlSchemesRegisteredAsCORSEnabled))
+ return false;
if (!decoder->decode(parameters.mimeTypesWithCustomRepresentation))
return false;
if (!decoder->decodeEnum(parameters.cacheModel))
diff --git a/Source/WebKit2/Shared/WebProcessCreationParameters.h b/Source/WebKit2/Shared/WebProcessCreationParameters.h
index 9fae17f..892ab8b 100644
--- a/Source/WebKit2/Shared/WebProcessCreationParameters.h
+++ b/Source/WebKit2/Shared/WebProcessCreationParameters.h
@@ -64,6 +64,10 @@
Vector<String> urlSchemesRegistererdAsEmptyDocument;
Vector<String> urlSchemesRegisteredAsSecure;
Vector<String> urlSchemesForWhichDomainRelaxationIsForbidden;
+ Vector<String> urlSchemesRegisteredAsLocal;
+ Vector<String> urlSchemesRegisteredAsNoAccess;
+ Vector<String> urlSchemesRegisteredAsDisplayIsolated;
+ Vector<String> urlSchemesRegisteredAsCORSEnabled;
// MIME types for which the UI process will handle showing the data.
Vector<String> mimeTypesWithCustomRepresentation;
diff --git a/Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManager.cpp b/Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManager.cpp
new file mode 100644
index 0000000..53b46f8
--- /dev/null
+++ b/Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManager.cpp
@@ -0,0 +1,336 @@
+/*
+ * Copyright (C) 2012 Igalia S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2,1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#include "config.h"
+#include "WebKitSecurityManager.h"
+
+#include "WebContext.h"
+#include "WebKitSecurityManagerPrivate.h"
+#include "WebKitWebContextPrivate.h"
+#include <WebCore/SchemeRegistry.h>
+
+using namespace WebKit;
+
+typedef enum {
+ SecurityPolicyLocal,
+ SecurityPolicyNoAccess,
+ SecurityPolicyDisplayIsolated,
+ SecurityPolicySecure,
+ SecurityPolicyCORSEnabled,
+ SecurityPolicyEmptyDocument
+} SecurityPolicy;
+
+struct _WebKitSecurityManagerPrivate {
+ WebKitWebContext* webContext;
+};
+
+G_DEFINE_TYPE(WebKitSecurityManager, webkit_security_manager, G_TYPE_OBJECT)
+
+static void webkit_security_manager_init(WebKitSecurityManager* manager)
+{
+ WebKitSecurityManagerPrivate* priv = G_TYPE_INSTANCE_GET_PRIVATE(manager, WEBKIT_TYPE_SECURITY_MANAGER, WebKitSecurityManagerPrivate);
+ manager->priv = priv;
+ new (priv) WebKitSecurityManagerPrivate();
+}
+
+static void webkitSecurityManagerFinalize(GObject* object)
+{
+ WebKitSecurityManagerPrivate* priv = WEBKIT_SECURITY_MANAGER(object)->priv;
+ priv->~WebKitSecurityManagerPrivate();
+ G_OBJECT_CLASS(webkit_security_manager_parent_class)->finalize(object);
+}
+
+static void webkit_security_manager_class_init(WebKitSecurityManagerClass* klass)
+{
+ GObjectClass* gObjectClass = G_OBJECT_CLASS(klass);
+ gObjectClass->finalize = webkitSecurityManagerFinalize;
+
+ g_type_class_add_private(klass, sizeof(WebKitSecurityManagerPrivate));
+}
+
+WebKitSecurityManager* webkitSecurityManagerCreate(WebKitWebContext* webContext)
+{
+ WebKitSecurityManager* manager = WEBKIT_SECURITY_MANAGER(g_object_new(WEBKIT_TYPE_SECURITY_MANAGER, NULL));
+ manager->priv->webContext = webContext;
+ return manager;
+}
+
+static void registerSecurityPolicyForURIScheme(WebKitSecurityManager* manager, const char* scheme, SecurityPolicy policy)
+{
+ String urlScheme = String::fromUTF8(scheme);
+ WebContext* webContext = toImpl(webkitWebContextGetWKContext(manager->priv->webContext));
+
+ // We keep the WebCore::SchemeRegistry of the UI process in sync with the
+ // web process one, so that we can return the SecurityPolicy for
+ // a given URI scheme synchronously without blocking.
+ switch (policy) {
+ case SecurityPolicyLocal:
+ WebCore::SchemeRegistry::registerURLSchemeAsLocal(urlScheme);
+ webContext->registerURLSchemeAsLocal(urlScheme);
+ break;
+ case SecurityPolicyNoAccess:
+ WebCore::SchemeRegistry::registerURLSchemeAsNoAccess(urlScheme);
+ webContext->registerURLSchemeAsNoAccess(urlScheme);
+ break;
+ case SecurityPolicyDisplayIsolated:
+ WebCore::SchemeRegistry::registerURLSchemeAsDisplayIsolated(urlScheme);
+ webContext->registerURLSchemeAsDisplayIsolated(urlScheme);
+ break;
+ case SecurityPolicySecure:
+ WebCore::SchemeRegistry::registerURLSchemeAsSecure(urlScheme);
+ webContext->registerURLSchemeAsSecure(urlScheme);
+ break;
+ case SecurityPolicyCORSEnabled:
+ WebCore::SchemeRegistry::registerURLSchemeAsCORSEnabled(urlScheme);
+ webContext->registerURLSchemeAsCORSEnabled(urlScheme);
+ break;
+ case SecurityPolicyEmptyDocument:
+ WebCore::SchemeRegistry::registerURLSchemeAsEmptyDocument(urlScheme);
+ webContext->registerURLSchemeAsEmptyDocument(urlScheme);
+ break;
+ }
+}
+
+static bool checkSecurityPolicyForURIScheme(const char* scheme, SecurityPolicy policy)
+{
+ String urlScheme = String::fromUTF8(scheme);
+
+ switch (policy) {
+ case SecurityPolicyLocal:
+ return WebCore::SchemeRegistry::shouldTreatURLSchemeAsLocal(urlScheme);
+ case SecurityPolicyNoAccess:
+ return WebCore::SchemeRegistry::shouldTreatURLSchemeAsNoAccess(urlScheme);
+ case SecurityPolicyDisplayIsolated:
+ return WebCore::SchemeRegistry::shouldTreatURLSchemeAsDisplayIsolated(urlScheme);
+ case SecurityPolicySecure:
+ return WebCore::SchemeRegistry::shouldTreatURLSchemeAsSecure(urlScheme);
+ case SecurityPolicyCORSEnabled:
+ return WebCore::SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled(urlScheme);
+ case SecurityPolicyEmptyDocument:
+ return WebCore::SchemeRegistry::shouldLoadURLSchemeAsEmptyDocument(urlScheme);
+ }
+
+ return false;
+}
+
+/**
+ * webkit_security_manager_register_uri_scheme_as_local:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Register @scheme as a local scheme. This means that other non-local pages
+ * cannot link to or access URIs of this scheme.
+ */
+void webkit_security_manager_register_uri_scheme_as_local(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager));
+ g_return_if_fail(scheme);
+
+ registerSecurityPolicyForURIScheme(manager, scheme, SecurityPolicyLocal);
+}
+
+/**
+ * webkit_security_manager_uri_scheme_is_local:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Whether @scheme is considered as a local scheme.
+ * See also webkit_security_manager_register_uri_scheme_as_local().
+ *
+ * Returns: %TRUE if @scheme is a local scheme or %FALSE otherwise.
+ */
+gboolean webkit_security_manager_uri_scheme_is_local(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_val_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager), FALSE);
+ g_return_val_if_fail(scheme, FALSE);
+
+ return checkSecurityPolicyForURIScheme(scheme, SecurityPolicyLocal);
+}
+
+/**
+ * webkit_security_manager_register_uri_scheme_as_no_access:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Register @scheme as a no-access scheme. This means that pages loaded
+ * with this URI scheme cannot access pages loaded with any other URI scheme.
+ */
+void webkit_security_manager_register_uri_scheme_as_no_access(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager));
+ g_return_if_fail(scheme);
+
+ registerSecurityPolicyForURIScheme(manager, scheme, SecurityPolicyNoAccess);
+}
+
+/**
+ * webkit_security_manager_uri_scheme_is_no_access:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Whether @scheme is considered as a no-access scheme.
+ * See also webkit_security_manager_register_uri_scheme_as_no_access().
+ *
+ * Returns: %TRUE if @scheme is a no-access scheme or %FALSE otherwise.
+ */
+gboolean webkit_security_manager_uri_scheme_is_no_access(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_val_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager), FALSE);
+ g_return_val_if_fail(scheme, FALSE);
+
+ return checkSecurityPolicyForURIScheme(scheme, SecurityPolicyNoAccess);
+}
+
+/**
+ * webkit_security_manager_register_uri_scheme_as_display_isolated:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Register @scheme as a display isolated scheme. This means that pages cannot
+ * display these URIs unless they are from the same scheme.
+ */
+void webkit_security_manager_register_uri_scheme_as_display_isolated(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager));
+ g_return_if_fail(scheme);
+
+ registerSecurityPolicyForURIScheme(manager, scheme, SecurityPolicyDisplayIsolated);
+}
+
+/**
+ * webkit_security_manager_uri_scheme_is_display_isolated:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Whether @scheme is considered as a display isolated scheme.
+ * See also webkit_security_manager_register_uri_scheme_as_display_isolated().
+ *
+ * Returns: %TRUE if @scheme is a display isolated scheme or %FALSE otherwise.
+ */
+gboolean webkit_security_manager_uri_scheme_is_display_isolated(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_val_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager), FALSE);
+ g_return_val_if_fail(scheme, FALSE);
+
+ return checkSecurityPolicyForURIScheme(scheme, SecurityPolicyDisplayIsolated);
+}
+
+/**
+ * webkit_security_manager_register_uri_scheme_as_secure:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Register @scheme as a secure scheme. This means that mixed
+ * content warnings won't be generated for this scheme when
+ * included by an HTTPS page.
+ */
+void webkit_security_manager_register_uri_scheme_as_secure(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager));
+ g_return_if_fail(scheme);
+
+ registerSecurityPolicyForURIScheme(manager, scheme, SecurityPolicySecure);
+}
+
+/**
+ * webkit_security_manager_uri_scheme_is_secure:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Whether @scheme is considered as a secure scheme.
+ * See also webkit_security_manager_register_uri_scheme_as_secure().
+ *
+ * Returns: %TRUE if @scheme is a secure scheme or %FALSE otherwise.
+ */
+gboolean webkit_security_manager_uri_scheme_is_secure(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_val_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager), FALSE);
+ g_return_val_if_fail(scheme, FALSE);
+
+ return checkSecurityPolicyForURIScheme(scheme, SecurityPolicySecure);
+}
+
+/**
+ * webkit_security_manager_register_uri_scheme_as_cors_enabled:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Register @scheme as a CORS (Cross-origin resource sharing) enabled scheme.
+ * This means that CORS requests are allowed. See W3C CORS specification
+ * http://www.w3.org/TR/cors/.
+ */
+void webkit_security_manager_register_uri_scheme_as_cors_enabled(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager));
+ g_return_if_fail(scheme);
+
+ registerSecurityPolicyForURIScheme(manager, scheme, SecurityPolicyCORSEnabled);
+}
+
+/**
+ * webkit_security_manager_uri_scheme_is_cors_enabled:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Whether @scheme is considered as a CORS enabled scheme.
+ * See also webkit_security_manager_register_uri_scheme_as_cors_enabled().
+ *
+ * Returns: %TRUE if @scheme is a CORS enabled scheme or %FALSE otherwise.
+ */
+gboolean webkit_security_manager_uri_scheme_is_cors_enabled(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_val_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager), FALSE);
+ g_return_val_if_fail(scheme, FALSE);
+
+ return checkSecurityPolicyForURIScheme(scheme, SecurityPolicyCORSEnabled);
+}
+
+/**
+ * webkit_security_manager_register_uri_scheme_as_empty_document:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Register @scheme as an empty document scheme. This means that
+ * they are allowd to commit synchronously.
+ */
+void webkit_security_manager_register_uri_scheme_as_empty_document(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager));
+ g_return_if_fail(scheme);
+
+ registerSecurityPolicyForURIScheme(manager, scheme, SecurityPolicyEmptyDocument);
+}
+
+/**
+ * webkit_security_manager_uri_scheme_is_empty_document:
+ * @security_manager: a #WebKitSecurityManager
+ * @scheme: a URI scheme
+ *
+ * Whether @scheme is considered as an empty document scheme.
+ * See also webkit_security_manager_register_uri_scheme_as_empty_document().
+ *
+ * Returns: %TRUE if @scheme is a an empty document scheme or %FALSE otherwise.
+ */
+gboolean webkit_security_manager_uri_scheme_is_empty_document(WebKitSecurityManager* manager, const char* scheme)
+{
+ g_return_val_if_fail(WEBKIT_IS_SECURITY_MANAGER(manager), FALSE);
+ g_return_val_if_fail(scheme, FALSE);
+
+ return checkSecurityPolicyForURIScheme(scheme, SecurityPolicyEmptyDocument);
+}
diff --git a/Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManager.h b/Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManager.h
new file mode 100644
index 0000000..fb8c36e
--- /dev/null
+++ b/Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManager.h
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2012 Igalia S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2,1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#if !defined(__WEBKIT2_H_INSIDE__) && !defined(WEBKIT2_COMPILATION)
+#error "Only <webkit2/webkit2.h> can be included directly."
+#endif
+
+#ifndef WebKitSecurityManager_h
+#define WebKitSecurityManager_h
+
+#include <glib-object.h>
+#include <webkit2/WebKitDefines.h>
+
+G_BEGIN_DECLS
+
+#define WEBKIT_TYPE_SECURITY_MANAGER (webkit_security_manager_get_type())
+#define WEBKIT_SECURITY_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), WEBKIT_TYPE_SECURITY_MANAGER, WebKitSecurityManager))
+#define WEBKIT_IS_SECURITY_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), WEBKIT_TYPE_SECURITY_MANAGER))
+#define WEBKIT_SECURITY_MANAGER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), WEBKIT_TYPE_SECURITY_MANAGER, WebKitSecurityManagerClass))
+#define WEBKIT_IS_SECURITY_MANAGER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), WEBKIT_TYPE_SECURITY_MANAGER))
+#define WEBKIT_SECURITY_MANAGER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), WEBKIT_TYPE_SECURITY_MANAGER, WebKitSecurityManagerClass))
+
+typedef struct _WebKitSecurityManager WebKitSecurityManager;
+typedef struct _WebKitSecurityManagerClass WebKitSecurityManagerClass;
+typedef struct _WebKitSecurityManagerPrivate WebKitSecurityManagerPrivate;
+
+struct _WebKitSecurityManager {
+ GObject parent;
+
+ WebKitSecurityManagerPrivate *priv;
+};
+
+struct _WebKitSecurityManagerClass {
+ GObjectClass parent_class;
+};
+
+WEBKIT_API GType
+webkit_security_manager_get_type (void);
+
+WEBKIT_API void
+webkit_security_manager_register_uri_scheme_as_local (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API gboolean
+webkit_security_manager_uri_scheme_is_local (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API void
+webkit_security_manager_register_uri_scheme_as_no_access (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API gboolean
+webkit_security_manager_uri_scheme_is_no_access (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API void
+webkit_security_manager_register_uri_scheme_as_display_isolated (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API gboolean
+webkit_security_manager_uri_scheme_is_display_isolated (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API void
+webkit_security_manager_register_uri_scheme_as_secure (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API gboolean
+webkit_security_manager_uri_scheme_is_secure (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API void
+webkit_security_manager_register_uri_scheme_as_cors_enabled (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API gboolean
+webkit_security_manager_uri_scheme_is_cors_enabled (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API void
+webkit_security_manager_register_uri_scheme_as_empty_document (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+WEBKIT_API gboolean
+webkit_security_manager_uri_scheme_is_empty_document (WebKitSecurityManager *security_manager,
+ const gchar *scheme);
+
+G_END_DECLS
+
+#endif
diff --git a/Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManagerPrivate.h b/Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManagerPrivate.h
new file mode 100644
index 0000000..feabdce
--- /dev/null
+++ b/Source/WebKit2/UIProcess/API/gtk/WebKitSecurityManagerPrivate.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2012 Igalia S.L.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#ifndef WebKitSecurityManagerPrivate_h
+#define WebKitSecurityManagerPrivate_h
+
+#include "WebKitSecurityManager.h"
+#include "WebKitWebContext.h"
+
+WebKitSecurityManager* webkitSecurityManagerCreate(WebKitWebContext*);
+
+#endif // WebKitSecurityManagerPrivate_h
diff --git a/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp b/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp
index e9231e4..5b2c266 100644
--- a/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp
+++ b/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp
@@ -28,6 +28,7 @@
#include "WebKitPluginPrivate.h"
#include "WebKitPrivate.h"
#include "WebKitRequestManagerClient.h"
+#include "WebKitSecurityManagerPrivate.h"
#include "WebKitTextChecker.h"
#include "WebKitURISchemeRequestPrivate.h"
#include "WebKitWebContextPrivate.h"
@@ -95,6 +96,7 @@
WKRetainPtr<WKContextRef> context;
GRefPtr<WebKitCookieManager> cookieManager;
+ GRefPtr<WebKitSecurityManager> securityManager;
WKRetainPtr<WKSoupRequestManagerRef> requestManager;
URISchemeHandlerMap uriSchemeHandlers;
URISchemeRequestMap uriSchemeRequests;
@@ -322,6 +324,25 @@
}
/**
+ * webkit_web_context_get_security_manager:
+ * @context: a #WebKitWebContext
+ *
+ * Get the #WebKitSecurityManager of @context.
+ *
+ * Returns: (transfer none): the #WebKitSecurityManager of @context.
+ */
+WebKitSecurityManager* webkit_web_context_get_security_manager(WebKitWebContext* context)
+{
+ g_return_val_if_fail(WEBKIT_IS_WEB_CONTEXT(context), 0);
+
+ WebKitWebContextPrivate* priv = context->priv;
+ if (!priv->securityManager)
+ priv->securityManager = adoptGRef(webkitSecurityManagerCreate(context));
+
+ return priv->securityManager.get();
+}
+
+/**
* webkit_web_context_set_additional_plugins_directory:
* @context: a #WebKitWebContext
* @directory: the directory to add
diff --git a/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.h b/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.h
index a2bf573..f77086f 100644
--- a/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.h
+++ b/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.h
@@ -28,6 +28,7 @@
#include <webkit2/WebKitCookieManager.h>
#include <webkit2/WebKitDefines.h>
#include <webkit2/WebKitDownload.h>
+#include <webkit2/WebKitSecurityManager.h>
#include <webkit2/WebKitURISchemeRequest.h>
G_BEGIN_DECLS
@@ -113,6 +114,9 @@
WEBKIT_API WebKitCookieManager *
webkit_web_context_get_cookie_manager (WebKitWebContext *context);
+WEBKIT_API WebKitSecurityManager *
+webkit_web_context_get_security_manager (WebKitWebContext *context);
+
WEBKIT_API void
webkit_web_context_set_additional_plugins_directory (WebKitWebContext *context,
const gchar *directory);
diff --git a/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-docs.sgml b/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-docs.sgml
index 6aac7c8..a7f34e6 100644
--- a/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-docs.sgml
+++ b/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-docs.sgml
@@ -40,6 +40,7 @@
<xi:include href="xml/WebKitContextMenu.xml"/>
<xi:include href="xml/WebKitContextMenuItem.xml"/>
<xi:include href="xml/WebKitFormSubmissionRequest.xml"/>
+ <xi:include href="xml/WebKitSecurityManager.xml"/>
</chapter>
<index id="index-all">
diff --git a/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-sections.txt b/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-sections.txt
index f30e84e..73defe4 100644
--- a/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-sections.txt
+++ b/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-sections.txt
@@ -30,6 +30,7 @@
webkit_web_context_clear_cache
webkit_web_context_download_uri
webkit_web_context_get_cookie_manager
+webkit_web_context_get_security_manager
webkit_web_context_set_additional_plugins_directory
webkit_web_context_get_plugins
webkit_web_context_get_plugins_finish
@@ -848,3 +849,33 @@
WebKitFormSubmissionRequestPrivate
webkit_form_submission_request_get_type
</SECTION>
+
+<SECTION>
+<FILE>WebKitSecurityManager</FILE>
+WebKitSecurityManager
+webkit_security_manager_register_uri_scheme_as_local
+webkit_security_manager_uri_scheme_is_local
+webkit_security_manager_register_uri_scheme_as_no_access
+webkit_security_manager_uri_scheme_is_no_access
+webkit_security_manager_register_uri_scheme_as_display_isolated
+webkit_security_manager_uri_scheme_is_display_isolated
+webkit_security_manager_register_uri_scheme_as_secure
+webkit_security_manager_uri_scheme_is_secure
+webkit_security_manager_register_uri_scheme_as_cors_enabled
+webkit_security_manager_uri_scheme_is_cors_enabled
+webkit_security_manager_register_uri_scheme_as_empty_document
+webkit_security_manager_uri_scheme_is_empty_document
+
+<SUBSECTION Standard>
+WebKitSecurityManagerClass
+WEBKIT_TYPE_SECURITY_MANAGER
+WEBKIT_SECURITY_MANAGER
+WEBKIT_IS_SECURITY_MANAGER
+WEBKIT_SECURITY_MANAGER_CLASS
+WEBKIT_IS_SECURITY_MANAGER_CLASS
+WEBKIT_SECURITY_MANAGER_GET_CLASS
+
+<SUBSECTION Private>
+WebKitSecurityManagerPrivate
+webkit_security_manager_get_type
+</SECTION>
diff --git a/Source/WebKit2/UIProcess/API/gtk/tests/TestWebKitWebContext.cpp b/Source/WebKit2/UIProcess/API/gtk/tests/TestWebKitWebContext.cpp
index 7c71224..7a13d28 100644
--- a/Source/WebKit2/UIProcess/API/gtk/tests/TestWebKitWebContext.cpp
+++ b/Source/WebKit2/UIProcess/API/gtk/tests/TestWebKitWebContext.cpp
@@ -297,6 +297,83 @@
soup_message_body_complete(message->response_body);
}
+class SecurityPolicyTest: public Test {
+public:
+ MAKE_GLIB_TEST_FIXTURE(SecurityPolicyTest);
+
+ enum SecurityPolicy {
+ Local = 1 << 1,
+ NoAccess = 1 << 2,
+ DisplayIsolated = 1 << 3,
+ Secure = 1 << 4,
+ CORSEnabled = 1 << 5,
+ EmptyDocument = 1 << 6
+ };
+
+ SecurityPolicyTest()
+ : m_manager(webkit_web_context_get_security_manager(webkit_web_context_get_default()))
+ {
+ }
+
+ void verifyThatSchemeMatchesPolicy(const char* scheme, unsigned policy)
+ {
+ if (policy & Local)
+ g_assert(webkit_security_manager_uri_scheme_is_local(m_manager, scheme));
+ else
+ g_assert(!webkit_security_manager_uri_scheme_is_local(m_manager, scheme));
+ if (policy & NoAccess)
+ g_assert(webkit_security_manager_uri_scheme_is_no_access(m_manager, scheme));
+ else
+ g_assert(!webkit_security_manager_uri_scheme_is_no_access(m_manager, scheme));
+ if (policy & DisplayIsolated)
+ g_assert(webkit_security_manager_uri_scheme_is_display_isolated(m_manager, scheme));
+ else
+ g_assert(!webkit_security_manager_uri_scheme_is_display_isolated(m_manager, scheme));
+ if (policy & Secure)
+ g_assert(webkit_security_manager_uri_scheme_is_secure(m_manager, scheme));
+ else
+ g_assert(!webkit_security_manager_uri_scheme_is_secure(m_manager, scheme));
+ if (policy & CORSEnabled)
+ g_assert(webkit_security_manager_uri_scheme_is_cors_enabled(m_manager, scheme));
+ else
+ g_assert(!webkit_security_manager_uri_scheme_is_cors_enabled(m_manager, scheme));
+ if (policy & EmptyDocument)
+ g_assert(webkit_security_manager_uri_scheme_is_empty_document(m_manager, scheme));
+ else
+ g_assert(!webkit_security_manager_uri_scheme_is_empty_document(m_manager, scheme));
+ }
+
+ WebKitSecurityManager* m_manager;
+};
+
+static void testWebContextSecurityPolicy(SecurityPolicyTest* test, gconstpointer)
+{
+ // VerifyThatSchemeMatchesPolicy default policy for well known schemes.
+ test->verifyThatSchemeMatchesPolicy("http", SecurityPolicyTest::CORSEnabled);
+ test->verifyThatSchemeMatchesPolicy("https", SecurityPolicyTest::CORSEnabled | SecurityPolicyTest::Secure);
+ test->verifyThatSchemeMatchesPolicy("file", SecurityPolicyTest::Local);
+ test->verifyThatSchemeMatchesPolicy("data", SecurityPolicyTest::NoAccess | SecurityPolicyTest::Secure);
+ test->verifyThatSchemeMatchesPolicy("about", SecurityPolicyTest::NoAccess | SecurityPolicyTest::Secure | SecurityPolicyTest::EmptyDocument);
+
+ // Custom scheme.
+ test->verifyThatSchemeMatchesPolicy("foo", 0);
+
+ webkit_security_manager_register_uri_scheme_as_local(test->m_manager, "foo");
+ test->verifyThatSchemeMatchesPolicy("foo", SecurityPolicyTest::Local);
+ webkit_security_manager_register_uri_scheme_as_no_access(test->m_manager, "foo");
+ test->verifyThatSchemeMatchesPolicy("foo", SecurityPolicyTest::Local | SecurityPolicyTest::NoAccess);
+ webkit_security_manager_register_uri_scheme_as_display_isolated(test->m_manager, "foo");
+ test->verifyThatSchemeMatchesPolicy("foo", SecurityPolicyTest::Local | SecurityPolicyTest::NoAccess | SecurityPolicyTest::DisplayIsolated);
+ webkit_security_manager_register_uri_scheme_as_secure(test->m_manager, "foo");
+ test->verifyThatSchemeMatchesPolicy("foo", SecurityPolicyTest::Local | SecurityPolicyTest::NoAccess | SecurityPolicyTest::DisplayIsolated | SecurityPolicyTest::Secure);
+ webkit_security_manager_register_uri_scheme_as_cors_enabled(test->m_manager, "foo");
+ test->verifyThatSchemeMatchesPolicy("foo", SecurityPolicyTest::Local | SecurityPolicyTest::NoAccess | SecurityPolicyTest::DisplayIsolated | SecurityPolicyTest::Secure
+ | SecurityPolicyTest::CORSEnabled);
+ webkit_security_manager_register_uri_scheme_as_empty_document(test->m_manager, "foo");
+ test->verifyThatSchemeMatchesPolicy("foo", SecurityPolicyTest::Local | SecurityPolicyTest::NoAccess | SecurityPolicyTest::DisplayIsolated | SecurityPolicyTest::Secure
+ | SecurityPolicyTest::CORSEnabled | SecurityPolicyTest::EmptyDocument);
+}
+
void beforeAll()
{
kServer = new WebKitTestServer();
@@ -307,6 +384,7 @@
URISchemeTest::add("WebKitWebContext", "uri-scheme", testWebContextURIScheme);
Test::add("WebKitWebContext", "spell-checker", testWebContextSpellChecker);
WebViewTest::add("WebKitWebContext", "languages", testWebContextLanguages);
+ SecurityPolicyTest::add("WebKitSecurityManager", "security-policy", testWebContextSecurityPolicy);
}
void afterAll()
diff --git a/Source/WebKit2/UIProcess/API/gtk/webkit2.h b/Source/WebKit2/UIProcess/API/gtk/webkit2.h
index 116dafc..e1f3ba0 100644
--- a/Source/WebKit2/UIProcess/API/gtk/webkit2.h
+++ b/Source/WebKit2/UIProcess/API/gtk/webkit2.h
@@ -47,6 +47,7 @@
#include <webkit2/WebKitPrintOperation.h>
#include <webkit2/WebKitResponsePolicyDecision.h>
#include <webkit2/WebKitScriptDialog.h>
+#include <webkit2/WebKitSecurityManager.h>
#include <webkit2/WebKitSettings.h>
#include <webkit2/WebKitURIRequest.h>
#include <webkit2/WebKitURIResponse.h>
diff --git a/Source/WebKit2/UIProcess/WebContext.cpp b/Source/WebKit2/UIProcess/WebContext.cpp
index 0dc5306..9adb608 100644
--- a/Source/WebKit2/UIProcess/WebContext.cpp
+++ b/Source/WebKit2/UIProcess/WebContext.cpp
@@ -336,6 +336,10 @@
copyToVector(m_schemesToRegisterAsEmptyDocument, parameters.urlSchemesRegistererdAsEmptyDocument);
copyToVector(m_schemesToRegisterAsSecure, parameters.urlSchemesRegisteredAsSecure);
copyToVector(m_schemesToSetDomainRelaxationForbiddenFor, parameters.urlSchemesForWhichDomainRelaxationIsForbidden);
+ copyToVector(m_schemesToRegisterAsLocal, parameters.urlSchemesRegisteredAsLocal);
+ copyToVector(m_schemesToRegisterAsNoAccess, parameters.urlSchemesRegisteredAsNoAccess);
+ copyToVector(m_schemesToRegisterAsDisplayIsolated, parameters.urlSchemesRegisteredAsDisplayIsolated);
+ copyToVector(m_schemesToRegisterAsCORSEnabled, parameters.urlSchemesRegisteredAsCORSEnabled);
parameters.shouldAlwaysUseComplexTextCodePath = m_alwaysUsesComplexTextCodePath;
parameters.shouldUseFontSmoothing = m_shouldUseFontSmoothing;
@@ -640,6 +644,30 @@
sendToAllProcesses(Messages::WebProcess::SetDomainRelaxationForbiddenForURLScheme(urlScheme));
}
+void WebContext::registerURLSchemeAsLocal(const String& urlScheme)
+{
+ m_schemesToRegisterAsLocal.add(urlScheme);
+ sendToAllProcesses(Messages::WebProcess::RegisterURLSchemeAsLocal(urlScheme));
+}
+
+void WebContext::registerURLSchemeAsNoAccess(const String& urlScheme)
+{
+ m_schemesToRegisterAsNoAccess.add(urlScheme);
+ sendToAllProcesses(Messages::WebProcess::RegisterURLSchemeAsNoAccess(urlScheme));
+}
+
+void WebContext::registerURLSchemeAsDisplayIsolated(const String& urlScheme)
+{
+ m_schemesToRegisterAsDisplayIsolated.add(urlScheme);
+ sendToAllProcesses(Messages::WebProcess::RegisterURLSchemeAsDisplayIsolated(urlScheme));
+}
+
+void WebContext::registerURLSchemeAsCORSEnabled(const String& urlScheme)
+{
+ m_schemesToRegisterAsCORSEnabled.add(urlScheme);
+ sendToAllProcesses(Messages::WebProcess::RegisterURLSchemeAsCORSEnabled(urlScheme));
+}
+
void WebContext::setCacheModel(CacheModel cacheModel)
{
m_cacheModel = cacheModel;
diff --git a/Source/WebKit2/UIProcess/WebContext.h b/Source/WebKit2/UIProcess/WebContext.h
index dfeff1f..1d051c8 100644
--- a/Source/WebKit2/UIProcess/WebContext.h
+++ b/Source/WebKit2/UIProcess/WebContext.h
@@ -132,6 +132,10 @@
void registerURLSchemeAsEmptyDocument(const String&);
void registerURLSchemeAsSecure(const String&);
void setDomainRelaxationForbiddenForURLScheme(const String&);
+ void registerURLSchemeAsLocal(const String&);
+ void registerURLSchemeAsNoAccess(const String&);
+ void registerURLSchemeAsDisplayIsolated(const String&);
+ void registerURLSchemeAsCORSEnabled(const String&);
void addVisitedLink(const String&);
void addVisitedLinkHash(WebCore::LinkHash);
@@ -295,6 +299,10 @@
HashSet<String> m_schemesToRegisterAsEmptyDocument;
HashSet<String> m_schemesToRegisterAsSecure;
HashSet<String> m_schemesToSetDomainRelaxationForbiddenFor;
+ HashSet<String> m_schemesToRegisterAsLocal;
+ HashSet<String> m_schemesToRegisterAsNoAccess;
+ HashSet<String> m_schemesToRegisterAsDisplayIsolated;
+ HashSet<String> m_schemesToRegisterAsCORSEnabled;
bool m_alwaysUsesComplexTextCodePath;
bool m_shouldUseFontSmoothing;
diff --git a/Source/WebKit2/WebProcess/WebProcess.cpp b/Source/WebKit2/WebProcess/WebProcess.cpp
index ef86bf3..f9267c6 100644
--- a/Source/WebKit2/WebProcess/WebProcess.cpp
+++ b/Source/WebKit2/WebProcess/WebProcess.cpp
@@ -292,6 +292,26 @@
SchemeRegistry::setDomainRelaxationForbiddenForURLScheme(true, urlScheme);
}
+void WebProcess::registerURLSchemeAsLocal(const String& urlScheme) const
+{
+ SchemeRegistry::registerURLSchemeAsLocal(urlScheme);
+}
+
+void WebProcess::registerURLSchemeAsNoAccess(const String& urlScheme) const
+{
+ SchemeRegistry::registerURLSchemeAsNoAccess(urlScheme);
+}
+
+void WebProcess::registerURLSchemeAsDisplayIsolated(const String& urlScheme) const
+{
+ SchemeRegistry::registerURLSchemeAsDisplayIsolated(urlScheme);
+}
+
+void WebProcess::registerURLSchemeAsCORSEnabled(const String& urlScheme) const
+{
+ SchemeRegistry::registerURLSchemeAsCORSEnabled(urlScheme);
+}
+
void WebProcess::setDefaultRequestTimeoutInterval(double timeoutInterval)
{
ResourceRequest::setDefaultTimeoutInterval(timeoutInterval);
diff --git a/Source/WebKit2/WebProcess/WebProcess.h b/Source/WebKit2/WebProcess/WebProcess.h
index 953af29..0f542be 100644
--- a/Source/WebKit2/WebProcess/WebProcess.h
+++ b/Source/WebKit2/WebProcess/WebProcess.h
@@ -199,6 +199,10 @@
void registerURLSchemeAsEmptyDocument(const String&);
void registerURLSchemeAsSecure(const String&) const;
void setDomainRelaxationForbiddenForURLScheme(const String&) const;
+ void registerURLSchemeAsLocal(const String&) const;
+ void registerURLSchemeAsNoAccess(const String&) const;
+ void registerURLSchemeAsDisplayIsolated(const String&) const;
+ void registerURLSchemeAsCORSEnabled(const String&) const;
void setDefaultRequestTimeoutInterval(double);
void setAlwaysUsesComplexTextCodePath(bool);
void setShouldUseFontSmoothing(bool);
diff --git a/Source/WebKit2/WebProcess/WebProcess.messages.in b/Source/WebKit2/WebProcess/WebProcess.messages.in
index 22716ce..336ff8b 100644
--- a/Source/WebKit2/WebProcess/WebProcess.messages.in
+++ b/Source/WebKit2/WebProcess/WebProcess.messages.in
@@ -42,6 +42,10 @@
RegisterURLSchemeAsEmptyDocument(WTF::String scheme)
RegisterURLSchemeAsSecure(WTF::String scheme)
SetDomainRelaxationForbiddenForURLScheme(WTF::String scheme)
+ RegisterURLSchemeAsLocal(WTF::String scheme)
+ RegisterURLSchemeAsNoAccess(WTF::String scheme)
+ RegisterURLSchemeAsDisplayIsolated(WTF::String scheme)
+ RegisterURLSchemeAsCORSEnabled(WTF::String scheme)
SetDefaultRequestTimeoutInterval(double timeoutInterval)
SetAlwaysUsesComplexTextCodePath(bool alwaysUseComplexText)
SetShouldUseFontSmoothing(bool useFontSmoothing)
